
Commit 73a569b

rikardfalkeborndanmar
authored andcommitted
TestBufferOverRun: Handle string literals (danmar#2287)
1 parent f83eb12 commit 73a569b

2 files changed

+32
-8
lines changed

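--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -188,10 +188,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
 while (Token::Match(array, ".|::"))
 array = array->astOperand2();
 
-if (!array->variable())
-return false;
-
-if (array->variable()->isArray() && !array->variable()->dimensions().empty()) {
+if (array->variable() && array->variable()->isArray() && !array->variable()->dimensions().empty()) {
 *dimensions = array->variable()->dimensions();
 if (dimensions->size() >= 1 && ((*dimensions)[0].num <= 1 || !(*dimensions)[0].tok)) {
 visitAstNodes(arrayToken,
@@ -244,7 +241,7 @@ static std::vector<const ValueFlow::Value *> getOverrunIndexValues(const Token *
 continue;
 allKnown = false;
 }
-if (array->variable()->isArray() && dimensions[i].num == 0)
+if (array->variable() && array->variable()->isArray() && dimensions[i].num == 0)
 continue;
 if (value->intvalue == dimensions[i].num)
 equal = true;
@@ -275,7 +272,7 @@ void CheckBufferOverrun::arrayIndex()
 const Token *array = tok->astOperand1();
 while (Token::Match(array, ".|::"))
 array = array->astOperand2();
-if (!array|| !array->variable() || array->variable()->nameToken() == array)
+if (!array || ((!array->variable() || array->variable()->nameToken() == array) && array->tokType() != Token::eString))
 continue;
 if (!array->scope()->isExecutable()) {
 // LHS in non-executable scope => This is just a definition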
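Review bot: With the `if (!array->variable()) return false;` early return gone from getDimensionsEtc, only the first branch visible in the hunk is guarded against a null `variable()`; any later branch that still dereferences `array->variable()` is now reachable for tokens without a variable, such as string literals. The rest of the function lies outside the hunk, so this needs checking against the full body, since a null dereference there would crash the analyzer on exactly the input this check is meant to inspect. The same function also dereferences `array` right after the `.|::` loop without the `!array` test that arrayIndex() applies after the identical loop. Separately, the new arrayIndex() condition is dense; a one-line comment above it such as `// string literal tokens are bounds-checked even though variable() is null for them` (to be confirmed by the author) would explain why `Token::eString` is exempted.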

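--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -86,7 +86,7 @@ class TestBufferOverrun : public TestFixture {
 TEST_CASE(array_index_1);
 TEST_CASE(array_index_2);
 TEST_CASE(array_index_3);
-// TODO string TEST_CASE(array_index_4);
+TEST_CASE(array_index_4);
 TEST_CASE(array_index_6);
 TEST_CASE(array_index_7);
 TEST_CASE(array_index_11);
@@ -189,6 +189,7 @@ class TestBufferOverrun : public TestFixture {
 TEST_CASE(pointer_out_of_bounds_1);
 // TODO TEST_CASE(pointer_out_of_bounds_2);
 TEST_CASE(pointer_out_of_bounds_3);
+TEST_CASE(pointer_out_of_bounds_4);
 // TODO TEST_CASE(pointer_out_of_bounds_sub);
 
 // TODO TEST_CASE(strncat1);
@@ -385,13 +386,16 @@ class TestBufferOverrun : public TestFixture {
 
 void array_index_4() {
 check("char c = \"abc\"[4];");
-ASSERT_EQUALS("[test.cpp:1]: (error) Array index out of bounds: \"abc\"\n", errout.str());
+ASSERT_EQUALS("[test.cpp:1]: (error) Array '\"abc\"[4]' accessed at index 4, which is out of bounds.\n", errout.str());
 
 check("p = &\"abc\"[4];");
 ASSERT_EQUALS("", errout.str());
 
 check("char c = \"\\0abc\"[2];");
 ASSERT_EQUALS("", errout.str());
+
+check("char c = L\"abc\"[4];");
+ASSERT_EQUALS("[test.cpp:1]: (error) Array 'L\"abc\"[4]' accessed at index 4, which is out of bounds.\n", errout.str());
 }
 
 void array_index_3() {
@@ -2814,6 +2818,29 @@ class TestBufferOverrun : public TestFixture {
 ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour, pointer arithmetic 's->a+100' is out of bounds.\n", errout.str());
 }
 
+void pointer_out_of_bounds_4() {
+check("const char* f() {\n"
+"    g(\"Hello\" + 6);\n"
+"}");
+ASSERT_EQUALS("", errout.str());
+
+check("const char* f() {\n"
+"    g(\"Hello\" + 7);\n"
+"}");
+ASSERT_EQUALS("[test.cpp:2]: (portability) Undefined behaviour, pointer arithmetic '\"Hello\"+7' is out of bounds.\n", errout.str());
+
+check("const char16_t* f() {\n"
+"    g(u\"Hello\" + 6);\n"
+"}");
+ASSERT_EQUALS("", errout.str());
+
+check("const char16_t* f() {\n"
+"    g(u\"Hello\" + 7);\n"
+"}");
+ASSERT_EQUALS("[test.cpp:2]: (portability) Undefined behaviour, pointer arithmetic 'u\"Hello\"+7' is out of bounds.\n", errout.str());
+}
+
+
 void pointer_out_of_bounds_sub() {
 check("void f() {\n"
 "    char x[10];\n"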
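Review bot: array_index_4 never pins the last valid index of a literal: it expects an error for `"abc"[4]` but has no case for `"abc"[3]`, the terminating NUL, so an off-by-one in the size the checker derives for string literals would go unnoticed. pointer_out_of_bounds_4 does bracket its boundary (`+ 6` clean, `+ 7` reported), and the index test should do the same with `check("char c = \"abc\"[3];");` followed by `ASSERT_EQUALS("", errout.str());`. Prefix coverage is also uneven: `L` is exercised only for indexing and `u` only for pointer arithmetic. Element-size confusion is the likely failure mode for a bounds check on wide literals, so each prefix is worth testing on both paths.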
