Add tests for #10241, #11519, #12532, #13403 (danmar#8200)

chrchr-github · web-flow · web-flow · commit 7c5db88a2602 · 2026-02-12T08:02:54.000+01:00
Co-authored-by: chrchr-github &lt;noreply@github.com&gt;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -4173,6 +4173,15 @@ class TestBufferOverrun : public TestFixture {
               "    a[i] = NULL;\n"
               "}");
         ASSERT_EQUALS("[test.cpp:4:6]: (error) Array 'a[2]' accessed at index 2, which is out of bounds. [arrayIndexOutOfBounds]\n", errout_str());
+
+        check("void f(const uint8_t* a) {\n" // 10421
+              "    uint8_t* p = (uint8_t*)malloc(20U * sizeof(uint8_t));\n"
+              "    if (!p) return false;\n"
+              "    for (uint8_t i = 1; i < 30; ++i)\n"
+              "        p[i] = a[i];\n"
+              "    free(p);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:5:10]: (error) Array 'p[20]' accessed at index 29, which is out of bounds. [arrayIndexOutOfBounds]\n", errout_str());
     }
 
     // statically allocated buffer
@@ -5351,6 +5360,15 @@ class TestBufferOverrun : public TestFixture {
             "    f(a);\n"
             "}\n");
         ASSERT_EQUALS("[test.cpp:7:12] -> [test.cpp:9:6] -> [test.cpp:3:12]: (error) Array index out of bounds; 'p' buffer size is 4 and it is accessed at offset 20. [ctuArrayIndex]\n", errout_str());
+
+        ctu("void bar(int *p) { p[4] = 42; }\n" // #13403
+            "void f() {\n"
+            "    int *p = (int*)malloc(4 * sizeof(int));\n"
+            "    if (!p) return;\n"
+            "    bar(p);\n"
+            "    free(p);\n"
+            "}\n");
+        ASSERT_EQUALS("[test.cpp:3:12] -> [test.cpp:4:9] -> [test.cpp:5:8] -> [test.cpp:1:20]: (error) Array index out of bounds; 'p' buffer size is 16 and it is accessed at offset 16. [ctuArrayIndex]\n", errout_str());
     }
 
     void ctu_array() {
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
@@ -4815,6 +4815,29 @@ class TestCondition : public TestFixture {
               "    return false;\n"
               "}\n");
         ASSERT_EQUALS("[test.cpp:6:12] -> [test.cpp:7:21]: (style) Assigned value 's.g()' is always true [knownConditionTrueFalse]\n", errout_str());
+
+        check("void f(const void* p) {\n" // #11519
+              "    bool b = false;\n"
+              "    if (!p && !b) {}\n"
+              "    if (!b) {}\n"
+              "    (void)b;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:3:15]: (style) Condition '!b' is always true [knownConditionTrueFalse]\n"
+                      "[test.cpp:4:9]: (style) Condition '!b' is always true [knownConditionTrueFalse]\n",
+                      errout_str());
+
+        check("struct C {\n" // #12532
+              "    void f() const;\n"
+              "    int a, b;\n"
+              "};\n"
+              "void C::f() const {\n"
+              "    if (a)\n"
+              "        return;\n"
+              "    if (!b) {}\n"
+              "    if (a) {}\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:6:9] -> [test.cpp:9:9]: (style) Condition 'a' is always false [knownConditionTrueFalse]\n",
+                      errout_str());
     }
 
     void alwaysTrueSymbolic()
