From 14b3f8877f7f4f5865103e3ef349b6b6de258a6c Mon Sep 17 00:00:00 2001 From: chrchr-github Date: Mon, 27 Apr 2026 22:39:46 +0200 Subject: [PATCH] Fix #14703 False positive: buffer out of bounds, memcpy, array of pointer --- lib/symboldatabase.cpp | 7 ++++++- test/testbufferoverrun.cpp | 10 ++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/symboldatabase.cpp b/lib/symboldatabase.cpp index 9b42b799405..5905597c8c1 100644 --- a/lib/symboldatabase.cpp +++ b/lib/symboldatabase.cpp @@ -2503,7 +2503,12 @@ bool Variable::isMember() const { bool Variable::isPointerArray() const { - return isArray() && nameToken() && nameToken()->previous() && (nameToken()->strAt(-1) == "*"); + if (!isArray()) + return false; + const Token* tok = nameToken() ? nameToken()->previous() : nullptr; + while (Token::Match(tok, "const|volatile")) + tok = tok->previous(); + return Token::simpleMatch(tok, "*"); } bool Variable::isUnsigned() const diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 7118a7ae906..35e2cca6667 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -226,6 +226,7 @@ class TestBufferOverrun : public TestFixture { TEST_CASE(buffer_overrun_34); //#11035 TEST_CASE(buffer_overrun_35); //#2304 TEST_CASE(buffer_overrun_36); + TEST_CASE(buffer_overrun_37); TEST_CASE(buffer_overrun_errorpath); TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch TEST_CASE(buffer_overrun_function_array_argument); @@ -3497,6 +3498,15 @@ class TestBufferOverrun : public TestFixture { ASSERT_EQUALS("", errout_str()); } + void buffer_overrun_37() { // #14703 + check("void f() {\n" + " const char *dst[256];\n" + " static const char * const src[] = {\"a\", \"b\", \"c\"};\n" + " memcpy(dst, src, sizeof(src));\n" + "}\n"); + ASSERT_EQUALS("", errout_str()); + } + void buffer_overrun_errorpath() { setMultiline(); Settings s = settings0;