Fixed cppcheck-opensource#7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast)

danmar · danmar · commit ef5be435c7bf · 2015-11-08T17:21:32.000+01:00
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
@@ -25,6 +25,7 @@
 #include "tokenize.h"
 #include "mathlib.h"
 #include "symboldatabase.h"
+#include "astutils.h"
 
 #include <algorithm>
 #include <sstream>
@@ -1083,6 +1084,9 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
                     continue;
                 const Variable *var = it->tokvalue->variable();
                 if (var && var->isArray()) {
+                    if (astCanonicalType(tok) != astCanonicalType(it->tokvalue))
+                        continue;
+
                     const ArrayInfo arrayInfo(var, _tokenizer, &_settings->library);
                     const MathLib::bigint elements = arrayInfo.numberOfElements();
                     if (elements <= 0) // unknown size
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -141,6 +141,7 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(array_index_string_literal);
         TEST_CASE(array_index_same_struct_and_var_name); // #4751 - not handled well when struct name and var name is same
         TEST_CASE(array_index_valueflow);
+        TEST_CASE(array_index_valueflow_pointer);
         TEST_CASE(array_index_function_parameter);
 
         TEST_CASE(buffer_overrun_2_struct);
@@ -2059,6 +2060,9 @@ class TestBufferOverrun : public TestFixture {
               "const int X::x[100] = {0}; }", false, "test.cpp");
         ASSERT_EQUALS("", errout.str());
 
+    }
+
+    void array_index_valueflow_pointer() {
         check("void f() {\n"
               "  int a[10];\n"
               "  int *p = a;\n"
@@ -2067,11 +2071,18 @@ class TestBufferOverrun : public TestFixture {
         ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[10]' accessed at index 20, which is out of bounds.\n", errout.str());
 
         check("void f() {\n"
-              "  int a[X];\n"
+              "  int a[X];\n" // unknown size
               "  int *p = a;\n"
               "  p[20] = 0;\n"
               "}");
         ASSERT_EQUALS("", errout.str());
+
+        check("void f() {\n"
+              "  int a[2];\n"
+              "  char *p = (char *)a;\n" // cast
+              "  p[4] = 0;\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void array_index_function_parameter() {
