Fix 11306: FP knownConditionTrueFalse with strlen() (#4477)

pfultz2 · web-flow · commit d34de745c052 · 2022-09-18T08:29:10.000+02:00
* Fix 11306: FP knownConditionTrueFalse with strlen()

* Add another test
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -5223,16 +5223,11 @@ static void valueFlowSymbolicOperators(TokenList* tokenlist, SymbolDatabase* sym
                         continue;
                     if (value.intvalue != 0)
                         continue;
-                    if (value.bound == ValueFlow::Value::Bound::Upper)
-                        continue;
-                    if (value.isImpossible() && value.bound != ValueFlow::Value::Bound::Lower)
-                        continue;
-                    if (value.isKnown() && value.bound != ValueFlow::Value::Bound::Point)
-                        continue;
                     const Token* strlenTok = isStrlenOf(value.tokvalue, arrayTok);
                     if (!strlenTok)
                         continue;
                     ValueFlow::Value v = value;
+                    v.bound = ValueFlow::Value::Bound::Point;
                     v.valueType = ValueFlow::Value::ValueType::INT;
                     v.errorPath.emplace_back(strlenTok, "Return index of string to the first element that is 0");
                     setTokenValue(tok, v, tokenlist->getSettings());
@@ -8865,7 +8860,7 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,
 
     std::size_t values = 0;
     std::size_t n = 4;
-    while (n > 0 && values < getTotalValues(tokenlist)) {
+    while (n > 0 && values != getTotalValues(tokenlist)) {
         values = getTotalValues(tokenlist);
         valueFlowImpossibleValues(tokenlist, settings);
         valueFlowSymbolicOperators(tokenlist, symboldatabase);
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -7585,6 +7585,23 @@ class TestValueFlow : public TestFixture {
                "    return 0;\n"
                "}\n";
         ASSERT_EQUALS(true, testValueOfXImpossible(code, 4U, 0));
+
+        code = "int f(char *s, size_t i) {\n"
+               "    if (i < strlen(s)) {\n"
+               "      int x = s[i] != ' ';\n"
+               "      return x;\n"
+               "    }\n"
+               "    return 0;\n"
+               "}\n";
+        ASSERT_EQUALS(false, testValueOfXKnown(code, 4U, 1));
+
+        code = "int f(char *s, size_t i) {\n"
+               "    if (i == strlen(s)) {}\n"
+               "    int x = s[i];\n"
+               "    return x;\n"
+               "}\n";
+        ASSERT_EQUALS(false, testValueOfXKnown(code, 4U, 0));
+        ASSERT_EQUALS(true, testValueOfX(code, 4U, 0));
     }
 
     void valueFlowSmartPointer()
