Fix 11530: FP arrayIndexOutOfBounds with array of functions (cppcheck-opensource#5191)

pfultz2 · web-flow · commit a2ee32695fac · 2023-06-25T20:38:44.000+02:00
diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp
@@ -796,14 +796,15 @@ struct ForwardTraversal {
                     return Break();
                 return Break();
             } else if (Token* callTok = callExpr(tok)) {
+                // TODO: Dont traverse tokens a second time
+                if (start != callTok && tok != callTok && updateRecursive(callTok->astOperand1()) == Progress::Break)
+                    return Break();
                 // Since the call could be an unknown macro, traverse the tokens as a range instead of recursively
                 if (!Token::simpleMatch(callTok, "( )") &&
                     updateRange(callTok->next(), callTok->link(), depth - 1) == Progress::Break)
                     return Break();
                 if (updateTok(callTok) == Progress::Break)
                     return Break();
-                if (start != callTok && updateRecursive(callTok->astOperand1()) == Progress::Break)
-                    return Break();
                 tok = callTok->link();
                 if (!tok)
                     return Break();
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -175,6 +175,7 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(array_index_70); // #11355
         TEST_CASE(array_index_71); // #11461
         TEST_CASE(array_index_72); // #11784
+        TEST_CASE(array_index_73); // #11530
         TEST_CASE(array_index_multidim);
         TEST_CASE(array_index_switch_in_for);
         TEST_CASE(array_index_for_in_for);   // FP: #2634
@@ -1940,6 +1941,17 @@ class TestBufferOverrun : public TestFixture {
         ASSERT_EQUALS("", errout.str());
     }
 
+    // #11530
+    void array_index_73()
+    {
+        check("void f() {\n"
+              "  int k = 0;\n"
+              "  std::function<void(int)> a[1] = {};\n"
+              "  a[k++](0);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void array_index_multidim() {
         check("void f()\n"
               "{\n"
