11506 smatch resync
@@ -31,49 +31,34 @@
{
struct expression *array;
struct expression *size;
struct expression *offset;
char *array_str, *offset_str;
+ int limit_type;
expr = strip_expr(expr);
if (!is_array(expr))
return;
array = get_array_base(expr);
- size = get_size_variable(array);
- if (!size)
+ size = get_size_variable(array, &limit_type);
+ if (!size || limit_type != ELEM_COUNT)
return;
offset = get_array_offset(expr);
if (!possible_comparison(size, SPECIAL_EQUAL, offset))
return;
+ if (buf_comparison_index_ok(expr))
+ return;
+
array_str = expr_to_str(array);
offset_str = expr_to_str(offset);
sm_warning("potentially one past the end of array '%s[%s]'", array_str, offset_str);
free_string(array_str);
free_string(offset_str);
}
-static int known_access_ok_comparison(struct expression *expr)
-{
- struct expression *array;
- struct expression *size;
- struct expression *offset;
- int comparison;
-
- array = get_array_base(expr);
- size = get_size_variable(array);
- if (!size)
- return 0;
- offset = get_array_offset(expr);
- comparison = get_comparison(size, offset);
- if (comparison == '>' || comparison == SPECIAL_UNSIGNED_GT)
- return 1;
-
- return 0;
-}
-
static int known_access_ok_numbers(struct expression *expr)
{
struct expression *array;
struct expression *offset;
sval_t max;
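Review bot: The new early return on `buf_comparison_index_ok(expr)` suppresses the "one past the end" warning, so the helper's contract decides whether this check gains false negatives. The guard a few lines above accepts only `limit_type == ELEM_COUNT`, but the helper's body is not in this diff, so it is unclear whether it applies the same filter. If it can return true when the size variable counts bytes rather than elements, a real off-by-one on an array of multi-byte elements would go unreported, both here and at the call in the later hunk that replaces `known_access_ok_comparison()`. I would add a comment above the guard, `/* a byte-count limit cannot be compared with an index directly */`, and confirm that the helper checks the limit type itself. The enclosing function starts before this hunk.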
@@ -106,11 +91,11 @@
if (!is_array(expr))
return;
if (known_access_ok_numbers(expr))
return;
- if (known_access_ok_comparison(expr))
+ if (buf_comparison_index_ok(expr))
return;
array = get_array_base(expr);
offset = get_array_offset(expr);
offset_name = expr_to_var(offset);