Fix #14305 Wrong buffer sizes computed by valueFlowDynamicBufferSize()

web-flow · web-flow · commit de86e716bf3a · 2025-12-01T20:23:13.000+01:00
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -7078,8 +7078,11 @@ static void valueFlowDynamicBufferSize(const TokenList& tokenlist, const SymbolD
             if (!typeTok || !typeTok->varId())
                 typeTok = newTok->astParent()->previous(); // hack for "int** z = ..."
             if (typeTok && typeTok->valueType()) {
-                const MathLib::bigint typeSize = typeTok->valueType()->typeSize(settings.platform, typeTok->valueType()->pointer > 1);
-                if (typeSize >= 0)
+                ValueType vt = *typeTok->valueType();
+                if (vt.pointer > 0)
+                    --vt.pointer;
+                const MathLib::bigint typeSize = ValueFlow::getSizeOf(vt, settings, ValueFlow::Accuracy::ExactOrZero);
+                if (typeSize > 0 || numElem == 0)
                     sizeValue = numElem * typeSize;
             }
         }
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -7457,6 +7457,32 @@ class TestValueFlow : public TestFixture {
                "}";
         ASSERT_EQUALS(true, testValueOfX(code, 4U, 100,  ValueFlow::Value::ValueType::BUFFER_SIZE));
 
+        code = "struct A {};\n" // #14305
+               "void* f() {\n"
+               "  A* x = new A();\n"
+               "  return x;\n"
+               "}";
+        ASSERT_EQUALS(true, testValueOfX(code, 4U, 1, ValueFlow::Value::ValueType::BUFFER_SIZE));
+
+        code = "struct A {};\n"
+               "void* f() {\n"
+               "  void* x = new A;\n"
+               "  return x;\n"
+               "}";
+       {
+           auto values = tokenValues(code, "x ; }");
+           ASSERT_EQUALS(1, values.size());
+           ASSERT(values.front().isSymbolicValue());
+           // TODO: add BUFFER_SIZE value = 1
+       }
+
+        code = "struct B { int32_t i; };\n"
+               "void* f() {\n"
+               "  B* x = new B();\n"
+               "  return x;\n"
+               "}";
+        ASSERT_EQUALS(true, testValueOfX(code, 4U, 4, ValueFlow::Value::ValueType::BUFFER_SIZE));
+
         settings = settingsOld;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -7078,8 +7078,11 @@ static void valueFlowDynamicBufferSize(const TokenList& tokenlist, const SymbolD`
`7078`	`7078`	`if (!typeTok \|\| !typeTok->varId())`
`7079`	`7079`	`typeTok = newTok->astParent()->previous(); // hack for "int** z = ..."`
`7080`	`7080`	`if (typeTok && typeTok->valueType()) {`
`7081`		`- const MathLib::bigint typeSize = typeTok->valueType()->typeSize(settings.platform, typeTok->valueType()->pointer > 1);`
`7082`		`- if (typeSize >= 0)`
	`7081`	`+ ValueType vt = *typeTok->valueType();`
	`7082`	`+ if (vt.pointer > 0)`
	`7083`	`+ --vt.pointer;`
	`7084`	`+ const MathLib::bigint typeSize = ValueFlow::getSizeOf(vt, settings, ValueFlow::Accuracy::ExactOrZero);`
	`7085`	`+ if (typeSize > 0 \|\| numElem == 0)`
`7083`	`7086`	`sizeValue = numElem * typeSize;`
`7084`	`7087`	`}`
`7085`	`7088`	`}`