From b8005e154a696527c553e1cafc39589a75a57983 Mon Sep 17 00:00:00 2001 From: chrchr-github <78114321+chrchr-github@users.noreply.github.com> Date: Sun, 25 Aug 2024 22:19:54 +0200 Subject: [PATCH] Fix #12318 FP negativeIndex with do while loop (#6720) --- lib/forwardanalyzer.cpp | 2 +- test/testbufferoverrun.cpp | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp index 3b35df6789e..17e340a5014 100644 --- a/lib/forwardanalyzer.cpp +++ b/lib/forwardanalyzer.cpp @@ -480,7 +480,7 @@ namespace { if (!checkThen && !checkElse && !isDoWhile && stopOnCondition(condTok) && stopUpdates()) return Break(Analyzer::Terminate::Conditional); // condition is false, we don't enter the loop - if (checkElse) + if (checkElse && !isDoWhile) return Progress::Continue; if (checkThen || isDoWhile) { // Since we are re-entering the loop then assume the condition is true to update the state diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index b743b6a81bd..baa406b13f1 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -2799,6 +2799,18 @@ class TestBufferOverrun : public TestFixture { ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:3]: (warning) Either the condition 's>sizeof(a)' is redundant or the array 'a[16]' is accessed at index 16, which is out of bounds.\n", errout_str()); + check("void f(int fd) {\n" // #12318 + " char buf[10];\n" + " int size = 0;\n" + " int pos = -1;\n" + " do {\n" + " pos++;\n" + " size = read(fd, &buf[pos], 1);\n" + " } while (size > 0);\n" + " buf[pos] = '\\0';\n" + "}\n"); + ASSERT_EQUALS("", errout_str()); + } void array_index_valueflow_pointer() {