Fixed #10367 (False positive; pointer out of bounds argv-1)

danmar · danmar · commit a9a093e7cc8d · 2021-09-15T08:29:10.000+02:00
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
@@ -486,6 +486,9 @@ void CheckBufferOverrun::pointerArithmetic()
             if (const ValueFlow::Value *neg = indexToken->getValueLE(-1, mSettings))
                 pointerArithmeticError(tok, indexToken, neg);
         } else if (tok->str() == "-") {
+            if (arrayToken->variable() && arrayToken->variable()->isArgument())
+                continue;
+
             const Token *array = arrayToken;
             while (Token::Match(array, ".|::"))
                 array = array->astOperand2();
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -3176,6 +3176,11 @@ class TestBufferOverrun : public TestFixture {
               "    dostuff(x-i);\n"
               "}");
         TODO_ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", "", errout.str());
+
+        check("void f(const char *x[10]) {\n"
+              "    return x-4;\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void strcat1() {
