Fix #12479 FP pointerOutOfBounds with array member (#6070)

danmar · Mar 1, 2024 · e2f8c3f · e2f8c3f
1 parent 6d5b02f
commit e2f8c3f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -119,6 +119,7 @@
 #include <limits>
 #include <map>
 #include <memory>
+#include <numeric>
 #include <set>
 #include <sstream> // IWYU pragma: keep
 #include <string>
@@ -1116,6 +1117,10 @@ static size_t accumulateStructMembers(const Scope* scope, F f)
             if (vt->type == ValueType::Type::RECORD && vt->typeScope == scope)
                 return 0;
             total = f(total, *vt);
+            const MathLib::bigint dim = std::accumulate(var.dimensions().cbegin(), var.dimensions().cend(), 1LL, [](MathLib::bigint i1, const Dimension& dim) {
+                return i1 * dim.num;
+            });
+            total *= dim;
         }
         if (total == 0)
             return 0;

diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -1458,6 +1458,14 @@ class TestValueFlow : public TestFixture {
         values = tokenValues(code, "==");
         ASSERT_EQUALS(1U, values.size());
         ASSERT_EQUALS(1LL, values.back().intvalue);
+
+        code = "struct S { int32_t a[2][10] };\n" // #12479
+               "void f() {\n"
+               "    x = sizeof(S);\n"
+               "}\n";
+        values = tokenValues(code, "=");
+        ASSERT_EQUALS(1U, values.size());
+        ASSERT_EQUALS(4LL * 2 * 10, values.back().intvalue);
     }
 
     void valueFlowComma()