testbufferoverrun; fixed TODO test cases for pointer arithmetic overflows

danmar · danmar · commit b8314289c666 · 2021-05-15T20:32:46.000+02:00
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
@@ -436,7 +436,7 @@ void CheckBufferOverrun::pointerArithmetic()
             continue;
         if (!tok->valueType() || tok->valueType()->pointer == 0)
             continue;
-        if (!tok->astOperand1() || !tok->astOperand2())
+        if (!tok->isBinaryOp())
             continue;
         if (!tok->astOperand1()->valueType() || !tok->astOperand2()->valueType())
             continue;
@@ -472,7 +472,14 @@ void CheckBufferOverrun::pointerArithmetic()
             if (const ValueFlow::Value *neg = indexToken->getValueLE(-1, mSettings))
                 pointerArithmeticError(tok, indexToken, neg);
         } else if (tok->str() == "-") {
-            // TODO
+            const Token *array = arrayToken;
+            while (Token::Match(array, ".|::"))
+                array = array->astOperand2();
+            if (array->variable() && array->variable()->isArray()) {
+                const ValueFlow::Value *v = indexToken->getValueGE(1, mSettings);
+                if (v)
+                    pointerArithmeticError(tok, indexToken, v);
+            }
         }
     }
 }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -198,7 +198,7 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(pointer_out_of_bounds_2);
         TEST_CASE(pointer_out_of_bounds_3);
         TEST_CASE(pointer_out_of_bounds_4);
-        // TODO TEST_CASE(pointer_out_of_bounds_sub);
+        TEST_CASE(pointer_out_of_bounds_sub);
 
         TEST_CASE(strcat1);
 
@@ -3039,14 +3039,14 @@ class TestBufferOverrun : public TestFixture {
               "    if (i == 123) {}\n"
               "    dostuff(x-i);\n"
               "}");
-        ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
+        ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
 
         check("void f(int i) {\n"
               "    char x[10];\n"
               "    if (i == -20) {}\n"
               "    dostuff(x-i);\n"
               "}");
-        ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
+        TODO_ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", "", errout.str());
     }
 
     void strcat1() {
