From 87fde2f47c73501ee6d6aea4e0440fa8e6f6f5ae Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Wed, 11 Feb 2026 19:53:17 +0100
Subject: [PATCH 1/2] Add tests for #10241, #11519, #12532, #13403
---
 test/testbufferoverrun.cpp | 18 ++++++++++++++++++
 test/testcondition.cpp | 23 +++++++++++++++++++++++
 2 files changed, 41 insertions(+)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 66b3ea2e4e0..d2052e76157 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -4173,6 +4173,15 @@ class TestBufferOverrun : public TestFixture {
 " a[i] = NULL;\n"
 "}");
 ASSERT_EQUALS("[test.cpp:4:6]: (error) Array 'a[2]' accessed at index 2, which is out of bounds. [arrayIndexOutOfBounds]\n", errout_str());
+
+ check("void f(const uint8_t* a) {\n" // 10421
+ " uint8_t* p = (uint8_t*)malloc(20U * sizeof(uint8_t));\n"
+ " if (!p) return false;\n"
+ " for (uint8_t i = 1; i < 30; ++i)\n"
+ " p[i] = a[i];\n"
+ " free(p);\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:5:10]: (error) Array 'p[20]' accessed at index 29, which is out of bounds. [arrayIndexOutOfBounds]\n", errout_str());
 }
 // statically allocated buffer
@@ -5351,6 +5360,15 @@ class TestBufferOverrun : public TestFixture {
 " f(a);\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:7:12] -> [test.cpp:9:6] -> [test.cpp:3:12]: (error) Array index out of bounds; 'p' buffer size is 4 and it is accessed at offset 20. [ctuArrayIndex]\n", errout_str());
+
+ ctu("void bar(int *p) { p[4] = 42; }\n" // #13403
+ "void f() {\n"
+ " int *p = (int*)malloc(4 * sizeof(int));\n"
+ " if (!p) return;\n"
+ " bar(p);\n"
+ " free(p);\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:3:12] -> [test.cpp:4:9] -> [test.cpp:5:8] -> [test.cpp:1:20]: (error) Array index out of bounds; 'p' buffer size is 16 and it is accessed at offset 16. [ctuArrayIndex]\n", errout_str());
 }
 void ctu_array() {
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
index 58fa04dc490..0917fda51cf 100644
--- a/test/testcondition.cpp
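Review bot: In the `@@ -4173` hunk of test/testbufferoverrun.cpp the analysed sample declares `void f(const uint8_t* a)` but bails out with `return false;`, so the snippet is not valid C++. Using `if (!p) return;` on that line keeps the statement length before line 5 irrelevant and leaves the expected location `5:10` untouched. The ticket comment reads `// 10421` while the commit subject lists #10241 and the neighbouring tests use the `// #NNNNN` form, so one of the two numbers looks transposed and the `#` is missing. The enclosing test function starts outside the hunk.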
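Review bot: The #13403 case in the `@@ -5351` hunk pins only the first out-of-bounds element (`p[4]` on a four-`int` allocation) and has no companion for the last valid index. A second `ctu(...)` call with `p[3]` followed by `ASSERT_EQUALS("", errout_str());` would guard the boundary against a false positive when the offset comparison is touched later. The expected text `buffer size is 16 and it is accessed at offset 16` presumably relies on a 4-byte `int` in the fixture's platform settings; a short comment such as `// 4 * sizeof(int) == 16 with the fixture's platform` would make that dependency visible. The enclosing test function begins outside the hunk.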
+++ b/test/testcondition.cpp
@@ -4814,6 +4814,29 @@ class TestCondition : public TestFixture {
 " return false;\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:6:12] -> [test.cpp:7:21]: (style) Assigned value 's.g()' is always true [knownConditionTrueFalse]\n", errout_str());
+
+ check("void f(const void* p) {\n" // #11519
+ " bool b = false;\n"
+ " if (!p && !b) {}\n"
+ " if (!b) {}\n"
+ " (void)b;\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:3:15]: (style) Condition '!b' is always true [knownConditionTrueFalse]\n"
+ "[test.cpp:4:9]: (style) Condition '!b' is always true [knownConditionTrueFalse]\n",
+ errout_str());
+
+ check("struct C {\n" // #12532
+ " void f() const;\n"
+ " int a, b;\n"
+ "};\n"
+ "void C::f() const {\n"
+ " if (a)\n"
+ " return;\n"
+ " if (!b) {}\n"
+ " if (a) {}\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:6:9] -> [test.cpp:9:9]: (style) Condition 'a' is always false [knownConditionTrueFalse]\n",
+ errout_str());
 }
 void alwaysTrueSymbolic()
From f7ace38bab9c99b2a93a7384b58a26477bd36e89 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Wed, 11 Feb 2026 19:55:04 +0100
Subject: [PATCH 2/2] Format
---
 test/testbufferoverrun.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index d2052e76157..2f2027c13af 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -5360,7 +5360,7 @@ class TestBufferOverrun : public TestFixture {
 " f(a);\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:7:12] -> [test.cpp:9:6] -> [test.cpp:3:12]: (error) Array index out of bounds; 'p' buffer size is 4 and it is accessed at offset 20. [ctuArrayIndex]\n", errout_str());
-
+
 ctu("void bar(int *p) { p[4] = 42; }\n" // #13403
 "void f() {\n"
 " int *p = (int*)malloc(4 * sizeof(int));\n"