No out of bounds warning when function parameter use array notation

[cola]

Hi!

If a function argument is an array and it is declared using pointer notation (int *arr) then the out of bounds check works, but if declared using array notation (int arr[]) then there is no out of bounds warning, see the example below:

void func1a(char *str);
void func2a(char str[]);
void func1b(char *str);
void func2b(char str[]);

int main(void)
{
    char str_sized[2] = "A";
    func1a(str_sized);
    func2a(str_sized);

    char str_unsized[] = "AB";
    func1b(str_unsized);
    func2b(str_unsized);

    return 0;
}

void func1a(char *str)
{
    str[2] = 'B';   // warning: Array index out of bounds; 'str' buffer size is 2 and it is accessed at offset 2. [ctuArrayIndex]
}

void func2a(char str[])
{
    str[2] = 'B';   // missing warning
}

void func1b(char *str)
{
    str[3] = 'B';   // warning: Array index out of bounds; 'str' buffer size is 3 and it is accessed at offset 3. [ctuArrayIndex]
}

void func2b(char str[])
{
    str[3] = 'B';   // missing warning
}

/col

[Daniel Marjamäki]

thanks! I created ticket https://trac.cppcheck.net/ticket/9788

[Daniel Marjamäki]

for information.. the ctu analysis in the "traditional" analysis will always be pretty limited. The analysis will go much deeper in the "bug hunting" analysis but that does not have an array index out of bounds check yet.