Skip to content

fixed #14506 - arrayIndexThenCheck had the wrong severity check #8229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
firewave wants to merge 1 commit into
base: main
Choose a base branch
from
+30 −29
Open

fixed #14506 - arrayIndexThenCheck had the wrong severity check #8229

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions lib/checkbufferoverrun.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -706,10 +706,10 @@ void CheckBufferOverrun::bufferOverflowError(const Token *tok, const ValueFlow::

void CheckBufferOverrun::arrayIndexThenCheck()
{
if (!mSettings->severity.isEnabled(Severity::portability))
if (!mSettings->severity.isEnabled(Severity::style))
return;

logChecker("CheckBufferOverrun::arrayIndexThenCheck");
logChecker("CheckBufferOverrun::arrayIndexThenCheck"); // style

const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
for (const Scope * const scope : symbolDatabase->functionScopes) {
Expand Down
55 changes: 28 additions & 27 deletions test/testbufferoverrun.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,9 @@ class TestBufferOverrun : public TestFixture {
TestBufferOverrun() : TestFixture("TestBufferOverrun") {}

private:
/*const*/ Settings settings0 = settingsBuilder().library("std.cfg").severity(Severity::warning).severity(Severity::style).severity(Severity::portability).build();
/*const*/ Settings settings0 = settingsBuilder().library("std.cfg").severity(Severity::warning).severity(Severity::style).build();
const Settings settings0_i = settingsBuilder(settings0).certainty(Certainty::inconclusive).build();
const Settings settings0_p = settingsBuilder(settings0).severity(Severity::portability).build();
const Settings settings1 = settingsBuilder(settings0).severity(Severity::performance).certainty(Certainty::inconclusive).build();

struct CheckOptions
Expand Down Expand Up @@ -3789,40 +3790,40 @@ class TestBufferOverrun : public TestFixture {
check("void f() {\n"
" char a[10];\n"
" char *p = a + 100;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:17]: (portability) Undefined behaviour, pointer arithmetic 'a+100' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("char *f() {\n"
" char a[10];\n"
" return a + 100;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:14]: (portability) Undefined behaviour, pointer arithmetic 'a+100' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("void f(int i) {\n"
" char x[10];\n"
" if (i == 123) {}\n"
" dostuff(x+i);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:11] -> [test.cpp:4:14]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x+i' is out of bounds. [pointerOutOfBoundsCond]\n", errout_str());

check("void f(int i) {\n"
" char x[10];\n"
" if (i == -1) {}\n"
" dostuff(x+i);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:11] -> [test.cpp:4:14]: (portability) Undefined behaviour, when 'i' is -1 the pointer arithmetic 'x+i' is out of bounds. [pointerOutOfBoundsCond]\n", errout_str());

check("void f() {\n" // #6350 - fp when there is cast of buffer
" wchar_t buf[64];\n"
" p = (unsigned char *) buf + sizeof (buf);\n"
"}", dinit(CheckOptions, $.cpp = false));
"}", settings0_p, false);
ASSERT_EQUALS("", errout_str());

check("int f() {\n"
" const char d[] = \"0123456789\";\n"
" char *cp = d + 3;\n"
" return cp - d;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());
}

Expand All @@ -3831,15 +3832,15 @@ class TestBufferOverrun : public TestFixture {
" char *p = malloc(10);\n"
" p += 100;\n"
" free(p);"
"}");
"}", settings0_p);
TODO_ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour, pointer arithmetic 'p+100' is out of bounds.\n", "", errout_str());

check("void f() {\n"
" char *p = malloc(10);\n"
" p += 10;\n"
" *p = 0;\n"
" free(p);"
"}");
"}", settings0_p);
TODO_ASSERT_EQUALS("[test.cpp:4]: (error) p is out of bounds.\n", "", errout_str());

check("void f() {\n"
Expand All @@ -3848,7 +3849,7 @@ class TestBufferOverrun : public TestFixture {
" p -= 10;\n"
" *p = 0;\n"
" free(p);"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());

check("void f() {\n"
Expand All @@ -3857,15 +3858,15 @@ class TestBufferOverrun : public TestFixture {
" p = p - 1;\n"
" *p = 0;\n"
" free(p);"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());
}

void pointer_out_of_bounds_3() {
check("struct S { int a[10]; };\n"
"void f(struct S *s) {\n"
" int *p = s->a + 100;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:19]: (portability) Undefined behaviour, pointer arithmetic 's->a+100' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("template <class T> class Vector\n"
Expand All @@ -3881,36 +3882,36 @@ class TestBufferOverrun : public TestFixture {
" const T* P2 = PDat + 1;\n"
" const T* P1 = P2 - 1;\n"
"}\n"
"Vector<std::array<long, 2>> Foo;\n");
"Vector<std::array<long, 2>> Foo;\n", settings0_p);
ASSERT_EQUALS("", errout_str());
}

void pointer_out_of_bounds_4() {
check("const char* f() {\n"
" g(\"Hello\" + 6);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());

check("const char* f() {\n"
" g(\"Hello\" + 7);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:2:15]: (portability) Undefined behaviour, pointer arithmetic '\"Hello\"+7' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("const char16_t* f() {\n"
" g(u\"Hello\" + 6);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());

check("const char16_t* f() {\n"
" g(u\"Hello\" + 7);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:2:16]: (portability) Undefined behaviour, pointer arithmetic 'u\"Hello\"+7' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("void f() {\n" // #4647
" int val = 5;\n"
" std::string hi = \"hi\" + val;\n"
" std::cout << hi << std::endl;\n"
"}\n");
"}\n", settings0_p);
ASSERT_EQUALS("[test.cpp:3:27]: (portability) Undefined behaviour, pointer arithmetic '\"hi\"+val' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("void f(const char* s, int len) {\n" // #11026
Expand All @@ -3920,7 +3921,7 @@ class TestBufferOverrun : public TestFixture {
"void g() {\n"
" f(\"a\", 1);\n"
" f(\"bbb\", 3);\n"
"}\n");
"}\n", settings0_p);
ASSERT_EQUALS("", errout_str());

check("void f(int i, const char* a) {\n" // #11140
Expand All @@ -3933,14 +3934,14 @@ class TestBufferOverrun : public TestFixture {
"void h() {\n"
" for (int i = 0; \"012\"[i]; ++i)\n"
" f(i, \"345\");\n"
"}\n");
"}\n", settings0_p);
ASSERT_EQUALS("", errout_str());
}

void pointer_out_of_bounds_5() { // #10227
check("int foo(char str[6]) {\n"
" return !((0 && *(\"STRING\" + 14) == 0) || memcmp(str, \"STRING\", 6) == 0);\n"
"}\n");
"}\n", settings0_p);
ASSERT_EQUALS("", errout_str());
}

Expand All @@ -3950,26 +3951,26 @@ class TestBufferOverrun : public TestFixture {
check("char *f() {\n"
" char x[10];\n"
" return x-1;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:13]: (portability) Undefined behaviour, pointer arithmetic 'x-1' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("void f(int i) {\n"
" char x[10];\n"
" if (i == 123) {}\n"
" dostuff(x-i);\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:11] -> [test.cpp:4:14]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x-i' is out of bounds. [pointerOutOfBoundsCond]\n", errout_str());

check("void f(int i) {\n"
" char x[10];\n"
" if (i == -20) {}\n"
" dostuff(x-i);\n"
"}");
"}", settings0_p);
TODO_ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", "", errout_str());

check("void f(const char *x[10]) {\n"
" return x-4;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("", errout_str());
}

Expand Down Expand Up @@ -5296,14 +5297,14 @@ class TestBufferOverrun : public TestFixture {
check("void f() {\n"
" char arr[10];\n"
" char *p = arr + 20;\n"
"}");
"}", settings0_p);
ASSERT_EQUALS("[test.cpp:3:19]: (portability) Undefined behaviour, pointer arithmetic 'arr+20' is out of bounds. [pointerOutOfBounds]\n", errout_str());

check("char(*g())[1];\n" // #7950
"void f() {\n"
" int a[2];\n"
" int* b = a + sizeof(*g());\n"
"}\n");
"}\n", settings0_p);
ASSERT_EQUALS("", errout_str());
}

Expand Down
Loading