Bug hunting; Fix false positive, unsigned array index can't be negative

Author: danmar

lib/bughuntingchecks.cpp

@@ -72,7 +72,8 @@ static void arrayIndex(const Token *tok, const ExprEngine::Value &value, ExprEng
                                   bailout);
         }
     }
-    if (value.isLessThan(dataBase, 0)) {
+    bool isUnsigned = tok->valueType() && tok->valueType()->sign == ::ValueType::Sign::UNSIGNED;
+    if (!isUnsigned && value.isLessThan(dataBase, 0)) {
         const bool bailout = (value.type == ExprEngine::ValueType::BailoutValue);
         dataBase->reportError(tok,
                               Severity::SeverityType::error,

test/testbughuntingchecks.cpp

@@ -41,6 +41,7 @@ class TestBughuntingChecks : public TestFixture {
         TEST_CASE(arrayIndexOutOfBounds3);
         TEST_CASE(arrayIndexOutOfBounds4);
         TEST_CASE(arrayIndexOutOfBounds5);
+        TEST_CASE(arrayIndexOutOfBounds6);
         TEST_CASE(arrayIndexOutOfBoundsDim1);
         TEST_CASE(bufferOverflowMemCmp1);
         TEST_CASE(bufferOverflowMemCmp2);
@@ -157,6 +158,14 @@ class TestBughuntingChecks : public TestFixture {
                       "[test.cpp:9]: (error) Cannot determine that 'buf[i]' is initialized\n",
                       errout.str());
     }
+    void arrayIndexOutOfBounds6() {
+        check("int buf[5];\n"
+              "uint16_t foo(size_t offset) {\n"
+              "    uint8_t c = (offset & 0xc0) >> 6;\n"
+              "    return 2 * buf[c];\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
+    }
 
     void arrayIndexOutOfBoundsDim1() { // itc test case
         check("void overrun_st_008 () {\n"