diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index 17e9b5caf..3a7a20c28 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -2000,7 +2000,7 @@ private: const Token *parse(const Token &tok, std::list &checks) const { if (Token::Match(tok.previous(), "[;{}]")) { // Declaring variable.. - if (Token::Match(&tok, "%type% %var% ;") && tok.isStandardType()) { + if (Token::Match(&tok, "%type% %var% ;") /*&& (tok.isStandardType() || isC)*/) { checks.push_back(new ExecutionPathBufferOverrun(owner, arrayInfo, tok.next()->varId())); return tok.tokAt(2); } diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 4e93d6886..7ae2853e7 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -223,6 +223,7 @@ private: TEST_CASE(executionPaths3); // no FP for function parameter TEST_CASE(executionPaths4); // Ticket #2386 - Segmentation fault in the ExecutionPath handling TEST_CASE(executionPaths5); // Ticket #2920 - False positive when size is unknown + TEST_CASE(executionPaths6); // unknown types TEST_CASE(cmdLineArgs1); @@ -3363,7 +3364,7 @@ private: } - void epcheck(const char code[]) { + void epcheck(const char code[], const char filename[] = "test.cpp") { // Clear the error buffer.. errout.str(""); @@ -3372,7 +3373,7 @@ private: // Tokenize.. Tokenizer tokenizer(&settings, this); std::istringstream istr(code); - tokenizer.tokenize(istr, "test.cpp"); + tokenizer.tokenize(istr, filename); tokenizer.simplifyTokenList(); // Check for buffer overruns.. @@ -3450,6 +3451,17 @@ private: ASSERT_EQUALS("", errout.str()); } + void executionPaths6() { // handling unknown type + const char code[] = "void f() {\n" + " u32 a[10];" + " u32 i = 0;\n" + " if (x) { i = 1000; }\n" + " a[i] = 0;\n" + "}"; + epcheck(code); + ASSERT_EQUALS("[test.cpp:4]: (error) Array 'a[10]' index 1000 out of bounds\n", errout.str()); + } + void cmdLineArgs1() { check("int main(int argc, char* argv[])\n" "{\n"