Fix #12318 FP negativeIndex with do while loop (danmar#6720)

chrchr-github · web-flow · commit b8005e154a69 · 2024-08-25T22:19:54.000+02:00
diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp
@@ -480,7 +480,7 @@ namespace {
             if (!checkThen && !checkElse && !isDoWhile && stopOnCondition(condTok) && stopUpdates())
                 return Break(Analyzer::Terminate::Conditional);
             // condition is false, we don't enter the loop
-            if (checkElse)
+            if (checkElse && !isDoWhile)
                 return Progress::Continue;
             if (checkThen || isDoWhile) {
                 // Since we are re-entering the loop then assume the condition is true to update the state
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -2799,6 +2799,18 @@ class TestBufferOverrun : public TestFixture {
         ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:3]: (warning) Either the condition 's>sizeof(a)' is redundant or the array 'a[16]' is accessed at index 16, which is out of bounds.\n",
                       errout_str());
 
+        check("void f(int fd) {\n" // #12318
+              "    char buf[10];\n"
+              "    int size = 0;\n"
+              "    int pos = -1;\n"
+              "    do {\n"
+              "        pos++;\n"
+              "        size = read(fd, &buf[pos], 1);\n"
+              "    } while (size > 0);\n"
+              "    buf[pos] = '\\0';\n"
+              "}\n");
+        ASSERT_EQUALS("", errout_str());
+
     }
 
     void array_index_valueflow_pointer() {
