Fixed cppcheck-opensource#6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)

danmar · danmar · commit 0ca410a4d7d2 · 2015-06-07T14:01:20.000+02:00
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
@@ -361,6 +361,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &ftok, unsigned int
         for (std::size_t i = 0; i < arrayInfo.num().size(); ++i)
             arraySize *= arrayInfo.num(i);
 
+        // dimension is 0 or unknown => bailout
+        if (arraySize == 0)
+            return;
+
         const Token *charSizeToken = nullptr;
         if (checkMinSizes(*minsizes, &ftok, (std::size_t)arraySize, &charSizeToken, _settings))
             bufferOverrunError(callstack, arrayInfo.varname());
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -3261,6 +3261,15 @@ class TestBufferOverrun : public TestFixture {
               "  mysprintf(x.a, \"aa\");\n"
               "}", settings);
         ASSERT_EQUALS("", errout.str());
+
+        check("struct Foo {\n" // #6668 - unknown size
+              "  char a[LEN];\n"
+              "  void f();\n"
+              "};"
+              "void Foo::f() {\n"
+              "  mysprintf(a, \"abcd\");\n"
+              "}", settings);
+        ASSERT_EQUALS("", errout.str());
     }
 
     void minsize_mul() {
