
Commit 8541e05

authored
Fix 10290: false negative: container out of bounds (cppcheck-opensource#3269)
1 parent 1df93f5 commit 8541e05

3 files changed

Lines changed: 13 additions & 4 deletions


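--- a/lib/forwardanalyzer.cpp
+++ b/lib/forwardanalyzer.cpp
@@ -111,8 +111,10 @@ struct ForwardTraversal {
 return Progress::Skip;
 T* firstOp = tok->astOperand1();
 T* secondOp = tok->astOperand2();
-// Evaluate RHS of assignment before LHS
-if (tok->isAssignmentOp())
+// Evaluate:
+// 1. RHS of assignment before LHS
+// 2. Unary op before operand
+if (tok->isAssignmentOp() || !secondOp)
 std::swap(firstOp, secondOp);
 if (firstOp && traverseRecursive(firstOp, f, traverseUnknown, recursion+1) == Progress::Break)
 return Break();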
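Review bot: The new `!secondOp` test in the swap condition matches every AST node that has no second operand, not only unary operators, so the comment `// 2. Unary op before operand` understates what changes. After the swap `firstOp` is null for such nodes and the operand is reached only through `secondOp`, which is handled in the part of `traverseRecursive` outside this hunk, so the effect on nodes such as `++x` or `!x` cannot be confirmed from the visible lines. I would reword the comment to `// 2. Any node with a single operand: the node itself before its operand`. Regression tests for a read-modify-write unary operator would also help, because a traversal-order change in the forward analyzer can hide findings as easily as it exposes them.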

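--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -1244,7 +1244,7 @@ static void valueFlowPointerAlias(TokenList *tokenlist)
 }
 }
 
-static void valueFlowPointerAliasDeref(TokenList *tokenlist)
+static void valueFlowUninitPointerAliasDeref(TokenList *tokenlist)
 {
 for (Token *tok = tokenlist->front(); tok; tok = tok->next()) {
 if (!tok->isUnaryOp("*"))
@@ -6869,7 +6869,6 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,
 while (n > 0 && values < getTotalValues(tokenlist)) {
 values = getTotalValues(tokenlist);
 valueFlowImpossibleValues(tokenlist, settings);
-valueFlowPointerAliasDeref(tokenlist);
 valueFlowArrayBool(tokenlist);
 valueFlowRightShift(tokenlist, settings);
 valueFlowAfterMove(tokenlist, symboldatabase, errorLogger, settings);
@@ -6883,6 +6882,7 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,
 valueFlowLifetime(tokenlist, symboldatabase, errorLogger, settings);
 valueFlowFunctionDefaultParameter(tokenlist, symboldatabase, errorLogger, settings);
 valueFlowUninit(tokenlist, symboldatabase, errorLogger, settings);
+valueFlowUninitPointerAliasDeref(tokenlist);
 if (tokenlist->isCPP()) {
 valueFlowSmartPointer(tokenlist, errorLogger, settings);
 valueFlowIterators(tokenlist, settings);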
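Review bot: The relocated call `valueFlowUninitPointerAliasDeref(tokenlist);` now appears to rely on running directly after `valueFlowUninit(...)`, but neither the call site nor the function records that ordering requirement. The new name suggests the pass only forwards uninitialized-value information through `*alias` expressions; most of its body is outside the hunk, so that is an inference. A one-line comment above the call, for example `// needs the uninit values produced by valueFlowUninit() above`, plus a short header comment on the static function, would keep a later reorder of `ValueFlow::setValues` from silently dropping findings. It is also worth confirming that none of the passes between the old and new positions consumed values this pass used to provide earlier in each iteration.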

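--- a/test/teststl.cpp
+++ b/test/teststl.cpp
@@ -440,6 +440,13 @@ class TestStl : public TestFixture {
 " (*PArr)[i] = 1;\n"
 "}\n");
 ASSERT_EQUALS("", errout.str());
+
+checkNormal("int f() {\n"
+" std::vector<int> v;\n"
+" std::vector<int> * pv = &v;\n"
+" return (*pv).at(42);\n"
+"}\n");
+ASSERT_EQUALS("test.cpp:4:error:Out of bounds access in expression '(*pv).at(42)' because '*pv' is empty and 'at' may be non-zero.\n", errout.str());
 }
 
 void outOfBoundsIndexExpression() {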
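Review bot: The added case pins only the positive result for `(*pv).at(42)` on an empty vector; there is no companion case showing that the same access stays silent when the pointed-to vector is large enough. The lib/forwardanalyzer.cpp change in this commit alters traversal order for more than this one expression shape, so a negative case would guard against new false positives: the same function with a sufficiently sized vector, followed by `ASSERT_EQUALS("", errout.str());`. A `pv->at(42)` variant would additionally show whether both spellings of the dereference are detected. The enclosing test method starts above the hunk.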
