From b73896bcc5bda433c67538e7112151db10f991c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Wed, 12 Oct 2011 20:54:39 +0200
Subject: [PATCH] Fixed #3163 (Out of bounds pointer arithmetic not reset)

---
 lib/checkbufferoverrun.cpp | 13 ++++++++-----
 test/testbufferoverrun.cpp | 9 +++++++++
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index ce9d5adce..ebe584468 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -912,11 +912,14 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector
- bailout
- if (varid > 0 &&
- Token::Match(tok, "[;{}] %varid% =", varid) &&
- !Token::Match(tok->tokAt(3), "%varid%", varid))
- break;
+ // reassign buffer
+ if (varid > 0 && Token::Match(tok, "[;{}] %varid% =", varid))
+ {
+ // using varid .. bailout
+ if (!Token::Match(tok->tokAt(3), "%varid%", varid))
+ break;
+ pointerIsOutOfBounds = false;
+ }
 // Array index..
 if ((varid > 0 && ((tok->str() == "return" || (!tok->isName() && !Token::Match(tok, "[.&]"))) && Token::Match(tok->next(), "%varid% [ %num% ]", varid))) ||
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 11c944531..c62b995e2 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -2446,6 +2446,15 @@ private:
 "}");
 ASSERT_EQUALS("[test.cpp:4]: (error) p is out of bounds\n", errout.str());
+ check("void f() {\n"
+ " char *p = malloc(10);\n"
+ " p += 10;\n"
+ " p -= 10;\n"
+ " *p = 0;\n"
+ " free(p);" "}");
+ ASSERT_EQUALS("", errout.str());
+
 check("void f() {\n"
 " char *p = malloc(10);\n"
 " p += 10;\n"
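Review bot: The added test in test/testbufferoverrun.cpp only covers the exact-undo case (`p += 10; p -= 10; *p = 0;`), so it does not pin down what happens when the pointer is reassigned but stays out of bounds — and in the lib hunk the new `pointerIsOutOfBounds = false;` fires for any reassignment whose right-hand side starts with the same pointer, which presumably includes `p = p + 1;`. A companion `check()` with the body `p += 10; p = p + 1; *p = 0;` and the expected `(error) p is out of bounds` output would make the intended behaviour explicit, and if that case turns out not to be reported, the reset is too broad (a false negative in a bounds checker is the costly direction). Separately, the literal `"    free(p);"` lacks a trailing `\n`, so the analysed snippet has `free(p);}` on one line; it does not change the empty expected output here, but `"    free(p);\n"` keeps the line numbering consistent with the neighbouring tests.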