Fix 12681: FP: knownConditionTrueFalse (#6416)

francois-berder · web-flow · commit 374e85d7ba81 · 2024-05-21T23:38:17.000+02:00
While truncating integer values for upper/lower bounds,
underflows/overflows must be handled correctly by
inverting the bound.

---------

Signed-off-by: Francois Berder &lt;fberder@outlook.fr&gt;
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -2837,8 +2837,17 @@ struct ValueFlowAnalyzer : Analyzer {
             const ValueType *dst = tok->valueType();
             if (dst) {
                 const size_t sz = ValueFlow::getSizeOf(*dst, settings);
-                if (sz > 0 && sz < 8)
-                    value->intvalue = truncateIntValue(value->intvalue, sz, dst->sign);
+                if (sz > 0 && sz < sizeof(MathLib::biguint)) {
+                    long long newvalue = truncateIntValue(value->intvalue, sz, dst->sign);
+
+                    /* Handle overflow/underflow for value bounds */
+                    if (value->bound != ValueFlow::Value::Bound::Point) {
+                        if ((newvalue > value->intvalue && !inc) || (newvalue < value->intvalue && inc))
+                            value->invertBound();
+                    }
+
+                    value->intvalue = newvalue;
+                }
 
                 value->errorPath.emplace_back(tok, tok->str() + " is " + opName + "', new value is " + value->infoString());
             }
@@ -6054,7 +6063,7 @@ static std::list<ValueFlow::Value> truncateValues(std::list<ValueFlow::Value> va
             value.valueType = ValueFlow::Value::ValueType::INT;
         }
 
-        if (value.isIntValue() && sz > 0 && sz < 8)
+        if (value.isIntValue() && sz > 0 && sz < sizeof(MathLib::biguint))
             value.intvalue = truncateIntValue(value.intvalue, sz, dst->sign);
     }
     return values;
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
@@ -4783,6 +4783,23 @@ class TestCondition : public TestFixture {
               "    }\n"
               "}\n");
         ASSERT_EQUALS("", errout_str());
+
+        // #12681
+        check("void f(unsigned u) {\n"
+              "      if (u > 0) {\n"
+              "             u--;\n"
+              "             if (u == 0) {}\n"
+              "      }\n"
+              "}\n");
+        ASSERT_EQUALS("", errout_str());
+
+        check("void f(unsigned u) {\n"
+              "      if (u < 0xFFFFFFFF) {\n"
+              "             u++;\n"
+              "             if (u == 0xFFFFFFFF) {}\n"
+              "      }\n"
+              "}\n");
+        ASSERT_EQUALS("", errout_str());
     }
 
     void alwaysTrueInfer() {
