
Commit e039c08

Fix #14887 FP objectIndex with pointer to array member (#8689)
1 parent c164444 commit e039c08

2 files changed

Lines changed: 26 additions & 2 deletions


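--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1088,8 +1088,12 @@ void CheckBufferOverrunImpl::objectIndex()
 for (const ValueFlow::Value& v:values) {
 if (v.lifetimeKind != ValueFlow::Value::LifetimeKind::Address && v.lifetimeKind != ValueFlow::Value::LifetimeKind::Object)
 continue;
-const Token* varTok = nextAfterAstRightmostLeaf(v.tokvalue->astParent());
-varTok = varTok ? varTok->previous() : nullptr;
+const Token* varTok = v.tokvalue;
+if (Token::simpleMatch(varTok->astParent(), ".")) {
+varTok = varTok->astParent();
+while (Token::simpleMatch(varTok, "."))
+varTok = varTok->astOperand2();
+}
 const Variable *var = varTok ? varTok->variable() : nullptr;
 if (!var)
 continue;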
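Review bot: The new member-access walk climbs a single `.` above `v.tokvalue` and then only descends through `astOperand2()`, so whether a longer chain such as `t.s.a` resolves to the array member or to an intermediate object depends on which token the lifetime value points at, which the hunk does not show. Since the next lines skip the value when `var` is null, and a wrong `Variable` here could presumably either bring the false positive back or silence a real finding, a short comment would pin the intent, e.g. `// tokvalue is the object of a member access: resolve varTok to the accessed member`. `varTok->astParent()` is also called on `v.tokvalue` without the null guard that the following `varTok ? ... : nullptr` implies, although the removed code dereferenced it the same way. The loop and the rest of objectIndex continue outside the hunk.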

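--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -5860,6 +5860,26 @@ class TestBufferOverrun : public TestFixture {
 ASSERT_EQUALS("[test.cpp:7:20] -> [test.cpp:9:12]: (error) The address of variable 's.a' is accessed at non-zero index. [objectIndex]\n"
 "[test.cpp:7:20] -> [test.cpp:10:12]: (error) The address of variable 's.a' is accessed at non-zero index. [objectIndex]\n",
 errout_str());
+
+check("const int N = 12;\n" // #14887
+"struct S {\n"
+"    void f() const;\n"
+"    int a[N];\n"
+"};\n"
+"struct T {\n"
+"    void f() const;\n"
+"    S s;\n"
+"};\n"
+"int g(const int* p) { return p[5]; }\n"
+"void S::f() const {\n"
+"    const int* q = a;\n"
+"    g(q);\n"
+"}\n"
+"void T::f() const {\n"
+"    const int* q = s.a;\n"
+"    g(q);\n"
+"}\n");
+ASSERT_EQUALS("", errout_str());
 }
 
 void checkPipeParameterSize() { // #3521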
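Review bot: The added case for #14887 exercises only a direct member (`a`) and a one-level access (`s.a`); nothing covers a deeper chain, which is where the new walk in objectIndex is least obvious. Consider extending the snippet with something like `"struct U { void f() const; T t; };\n"` and `"void U::f() const { const int* q = t.s.a; g(q); }\n"` and keeping the `ASSERT_EQUALS("", errout_str());` expectation, assuming that chain should also be silent. The enclosing test function starts before the hunk.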
