From 60321edd0da2df4f2ddc72a21ff3eb5cfd5cf296 Mon Sep 17 00:00:00 2001 From: Paul Fultz II Date: Sat, 24 Jun 2023 13:08:55 -0500 Subject: [PATCH] Fix 11784: FP arrayIndexOutOfBounds when increment is counted twice (#5186) --- lib/forwardanalyzer.cpp | 3 ++- test/testbufferoverrun.cpp | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp index 5d8625052b2..4fc0b8765e8 100644 --- a/lib/forwardanalyzer.cpp +++ b/lib/forwardanalyzer.cpp @@ -671,7 +671,8 @@ struct ForwardTraversal { return Break(); } else { Token* stepTok = getStepTok(tok); - if (updateLoop(end, endBlock, condTok, initTok, stepTok) == Progress::Break) + // Dont pass initTok since it was already evaluated + if (updateLoop(end, endBlock, condTok, nullptr, stepTok) == Progress::Break) return Break(); } tok = endBlock; diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 45af74ac848..1da579d0dd6 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -174,6 +174,7 @@ class TestBufferOverrun : public TestFixture { TEST_CASE(array_index_69); // #6370 TEST_CASE(array_index_70); // #11355 TEST_CASE(array_index_71); // #11461 + TEST_CASE(array_index_72); // #11784 TEST_CASE(array_index_multidim); TEST_CASE(array_index_switch_in_for); TEST_CASE(array_index_for_in_for); // FP: #2634 @@ -1924,6 +1925,21 @@ class TestBufferOverrun : public TestFixture { ASSERT_EQUALS("", errout.str()); } + // #11784 + void array_index_72() + { + check("char f(int i) {\n" + " char d[4] = {};\n" + " for (; i < 3; i++) {}\n" + " for (i++; i > 0;) {\n" + " d[--i] = 1;\n" + " break;\n" + " }\n" + " return d[3];\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } + void array_index_multidim() { check("void f()\n" "{\n"