Fix #12478 Regression: False negatives arrayIndexOutOfBounds (#6064)

danmar · Feb 29, 2024 · 62286c8 · 62286c8
1 parent e156fbf
commit 62286c8
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 8 deletions.
diff --git a/cfg/std.cfg b/cfg/std.cfg
@@ -6371,18 +6371,23 @@ The obsolete function 'gets' is called. With 'gets' you'll get a buffer overrun
                             std::istream& std::istream::get (char* s, streamsize n, char delim);
        stream buffer (3)    std::istream& std::istream::get (streambuf& sb);
                             std::istream& std::istream::get (streambuf& sb, char delim);-->
-  <!-- single character (1)                 int std::istringstream::get ();
-                            std::istringstream& std::istringstream::get (char& c);
-       c-string (2)         std::istringstream& std::istringstream::get (char* s, streamsize n);
-                            std::istringstream& std::istringstream::get (char* s, streamsize n, char delim);
-       stream buffer (3)    std::istringstream& std::istringstream::get (streambuf& sb);
-                            std::istringstream& std::istringstream::get (streambuf& sb, char delim);-->
   <!-- There is currently no way to define this properly because Cppcheck lacks support for
        overloaded functions.-->
-  <function name="std::istream::get,std::ifstream::get,std::istringstream::get">
+  <function name="std::istream::get,std::istringstream::get,std::ifstream::get">
     <noreturn>false</noreturn>
     <leak-ignore/>
-    <arg nr="any"/>
+    <arg nr="1" direction="out">
+      <not-null/>
+      <strz/>
+      <minsize type="argvalue" arg="2"/>
+    </arg>
+    <arg nr="2" direction="in">
+      <not-uninit/>
+      <valid>0:</valid>
+    </arg>
+    <arg nr="3" default="'\n'" direction="in">
+      <not-uninit/>
+    </arg>
   </function>
   <!-- /*unspecified*/ setbase(int base); -->
   <function name="setbase,std::setbase">

diff --git a/test/cfg/std.cpp b/test/cfg/std.cpp
@@ -44,6 +44,7 @@
 #include <numeric>
 #include <queue>
 #include <set>
+#include <streambuf>
 #include <string_view>
 #include <tuple>
 #include <unordered_map>
@@ -533,6 +534,28 @@ void bufferAccessOutOfBounds_std_ofstream_write(std::ofstream &os, const char* s
     (void)os.write(s,n);
 }
 
+// cppcheck-suppress constParameterReference // TODO: FP
+void bufferAccessOutOfBounds_std_ifstream_get(std::ifstream& in, std::streambuf& sb)
+{
+    char cBuf[10];
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.getline(cBuf, 100);
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.read(cBuf, 100);
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.readsome(cBuf, 100);
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.get(cBuf, 100);
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.get(cBuf, 100, 'a');
+    // cppcheck-suppress bufferAccessOutOfBounds
+    in.getline(cBuf, 100, 'a');
+
+    in.get(sb, 'a');
+
+    in.close();
+}
+
 void invalidFunctionArg_fesetexceptflag(const fexcept_t* flagp, int excepts)
 {
     (void)std::fesetexceptflag(flagp, excepts);