Fix 10413: FP arrayIndexOutOfBoundsCond after check (#3446)

pfultz2 · web-flow · commit 98e22f6162f2 · 2021-09-06T07:15:24.000+02:00
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -7711,6 +7711,10 @@ static std::vector<ValueFlow::Value> isOutOfBoundsImpl(const ValueFlow::Value& s
     // TODO: Use a better way to decide if the variable in unconstrained
     if (!indexTok->variable() || !indexTok->variable()->isArgument())
         return {};
+    if (std::any_of(indexTok->values().begin(), indexTok->values().end(), [&](const ValueFlow::Value& v) {
+        return v.isSymbolicValue() && v.isPossible() && v.bound == ValueFlow::Value::Bound::Upper;
+    }))
+        return {};
     if (indexValue->bound != ValueFlow::Value::Bound::Lower)
         return {};
     if (size.bound == ValueFlow::Value::Bound::Lower)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -135,6 +135,7 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(array_index_56); // #10284
         TEST_CASE(array_index_57); // #10023
         TEST_CASE(array_index_58); // #7524
+        TEST_CASE(array_index_59); // #10413
         TEST_CASE(array_index_multidim);
         TEST_CASE(array_index_switch_in_for);
         TEST_CASE(array_index_for_in_for);   // FP: #2634
@@ -1652,6 +1653,18 @@ class TestBufferOverrun : public TestFixture {
             errout.str());
     }
 
+    void array_index_59()
+    {
+        check("long f(long b) {\n"
+              "  const long a[] = { 0, 1, };\n"
+              "  const long c = std::size(a);\n"
+              "  if (b < 0 || b >= c)\n"
+              "    return 0;\n"
+              "  return a[b];\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void array_index_multidim() {
         check("void f()\n"
               "{\n"
