False positive: containerOutOfBounds with pointer in sub-struct

[CHR]

The code below results in a containerOutOfBounds warning with v2.3, The idea is that Read() would fill the vector via pointer. It seems that cppcheck loses track of the pointer when more than one set of braces is involved.

#include <string>
#include <vector>

struct T {
  std::vector<std::wstring>* pvs;
};
struct S {
  T t;
};
long Read(S& s);
long Read(T& t);

size_t test() {
  std::vector<std::wstring> Arr;

  // this is fine
  T t = { &Arr };
  Read(t);

  // additional braces trigger the error
  // T t = { { &Arr } };
  // Read(t);

  // braces are required here -> error
   //S s = { { &Arr } };
  //Read(s);

  return Arr[0].size(); // error: Out of bounds access in expression 'Arr[0]' because 'Arr' is empty.
}

[CHR]

Maybe this is related: https://trac.cppcheck.net/ticket/10037

[Daniel Marjamäki]

Do I need to edit the code? I do not see the error Out of bounds access in expression 'Arr[0]' because 'Arr' is empty.

[CHR]

Sorry, I posted the version that doesn't give the warning.
Please comment out the "this is fine" block and uncomment the blocks below.

[Daniel Marjamäki]

Sorry.. can you show the exact code.. I do not see the error with this neither:

struct T {
  std::vector<std::wstring>* pvs;
};
struct S {
  T t;
};
long Read(S& s);
long Read(T& t);

size_t test() {
  std::vector<std::wstring> Arr;

  // additional braces trigger the error
  T t = { { &Arr } };
  Read(t);

  // braces are required here -> error
  S s = { { &Arr } };
  Read(s);

  return Arr[0].size(); // error: Out of bounds access in expression 'Arr[0]' because 'Arr' is empty.
}

[CHR]

Are #include <string> #include <vector> available? I can't check it right now, will report back tomorrow.

[CHR]

Did you use --inconclusive?
I modified the example to show the difference more clearly:

#include <string>
#include <vector>

struct T {
  std::vector<std::wstring>* pvs;
};
struct S {
  T t;
};
long Read(S& s);
long Read(T& t);

size_t test() {
  std::vector<std::wstring> ArrT, ArrT2, ArrS;

  T t = { &ArrT };
  Read(t);

  // additional braces trigger the error
  T t2 = { { &ArrT2 } };
  Read(t2);

  // braces are required here -> error
  S s = { { &ArrS } };
  Read(s);

  const size_t sizeT  = ArrT[0].size();
  const size_t sizeT2 = ArrT2[0].size();
  const size_t sizeS  = ArrS[0].size();
  return sizeT + sizeT2 + sizeS;
}

Output:

Source.cpp:227:30: error:inconclusive: Out of bounds access in expression 'ArrT2[0]' because 'ArrT2' is empty. [containerOutOfBounds]
  const size_t sizeT2 = ArrT2[0].size();
                             ^
Source.cpp:228:29: error:inconclusive: Out of bounds access in expression 'ArrS[0]' because 'ArrS' is empty. [containerOutOfBounds]
  const size_t sizeS  = ArrS[0].size();
                            ^
Source.cpp:204:30: style: struct member 'T::pvs' is never used. [unusedStructMember]
  std::vector<std::wstring>* pvs;

[Daniel Marjamäki]

aha.. no I did not use --inconclusive.. I will check that..

[CHR]

Were you able to reproduce it?

[Daniel Marjamäki]

Thanks for reminding me! I can reproduce now and created this ticket: https://trac.cppcheck.net/ticket/10076

I get syntax error for t2 so I left that out. for t there is no fp so I left that out also. but for s there is a false positive in deed.

[CHR]

Awesome, thanks!
Maybe the example involving t2 only compiles with MSVC? But I don't think it's important.