Fix #8983 FN containerOutOfBounds (passing empty init list)

Author: web-flow

lib/valueflow.cpp

@@ -6884,11 +6884,33 @@ static void valueFlowContainerSize(const TokenList& tokenlist,
                 }
                 for (const ValueFlow::Value& value : values)
                     setTokenValue(tok, value, settings);
-            } else if (Token::Match(tok, ";|{|} %var% =") && Token::Match(tok->tokAt(2)->astOperand2(), "[({]") &&
-                       // init list
-                       ((tok->tokAt(2) == tok->tokAt(2)->astOperand2()->astParent() && !tok->tokAt(2)->astOperand2()->astOperand2() && tok->tokAt(2)->astOperand2()->str() == "{") ||
-                        // constructor
-                        (!Token::simpleMatch(tok->tokAt(2)->astOperand2()->astOperand1(), ".") && settings.library.detectContainer(tok->tokAt(3))))) {
+            }
+            else if (Token::Match(tok->previous(), ",|( {")) {
+                int nArg{};
+                if (const Token* funcTok = getTokenArgumentFunction(tok, nArg)) {
+                    if (const Function* func = funcTok->function()) {
+                        if (const Variable* var = func->getArgumentVar(nArg)) {
+                            if (var->valueType() && var->valueType()->container && var->valueType()->container->size_templateArgNo < 0) {
+                                std::vector<ValueFlow::Value> values = getInitListSize(tok, var->valueType(), settings, true);
+                                ValueFlow::Value value;
+                                value.valueType = ValueFlow::Value::ValueType::TOK;
+                                value.tokvalue = tok;
+                                value.setKnown();
+                                values.push_back(std::move(value));
+
+                                for (const ValueFlow::Value &value : values)
+                                    setTokenValue(tok, value, settings);
+                            }
+                        }
+                    }
+                }
+            }
+            else if (Token::Match(tok, ";|{|} %var% =") && Token::Match(tok->tokAt(2)->astOperand2(), "[({]") &&
+                     // init list
+                     ((tok->tokAt(2) == tok->tokAt(2)->astOperand2()->astParent() && !tok->tokAt(2)->astOperand2()->astOperand2() && tok->tokAt(2)->astOperand2()->str() == "{") ||
+                      // constructor
+                      (!Token::simpleMatch(tok->tokAt(2)->astOperand2()->astOperand1(), ".") && settings.library.detectContainer(tok->tokAt(3)))))
+            {
                 Token* containerTok = tok->next();
                 if (containerTok->exprId() == 0)
                     continue;
@@ -6899,8 +6921,10 @@ static void valueFlowContainerSize(const TokenList& tokenlist,
                     for (const ValueFlow::Value& value : values)
                         valueFlowForward(containerTok->next(), containerTok, value, tokenlist, errorLogger, settings);
                 }
-            } else if (Token::Match(tok, ". %name% (") && tok->astOperand1() && tok->astOperand1()->valueType() &&
-                       tok->astOperand1()->valueType()->container) {
+            }
+            else if (Token::Match(tok, ". %name% (") && tok->astOperand1() && tok->astOperand1()->valueType() &&
+                     tok->astOperand1()->valueType()->container)
+            {
                 const Token* containerTok = tok->astOperand1();
                 if (containerTok->exprId() == 0)
                     continue;
@@ -6925,14 +6949,16 @@ static void valueFlowContainerSize(const TokenList& tokenlist,
                     valueFlowForward(tok->linkAt(2), containerTok, std::move(value), tokenlist, errorLogger, settings);
                 }
                 // TODO: handle more actions?
-
-            } else if (tok->str() == "+=" && astIsContainer(tok->astOperand1())) {
+            }
+            else if (tok->str() == "+=" && astIsContainer(tok->astOperand1()))
+            {
                 const Token* containerTok = tok->astOperand1();
                 const Token* valueTok = tok->astOperand2();
                 const MathLib::bigint size = ValueFlow::valueFlowGetStrLength(valueTok);
                 forwardMinimumContainerSize(size, tok, containerTok);
-
-            } else if (tok->str() == "=" && Token::simpleMatch(tok->astOperand2(), "+") && astIsContainerString(tok)) {
+            }
+            else if (tok->str() == "=" && Token::simpleMatch(tok->astOperand2(), "+") && astIsContainerString(tok))
+            {
                 const Token* tok2 = tok->astOperand2();
                 MathLib::bigint size = 0;
                 while (Token::simpleMatch(tok2, "+") && tok2->astOperand2()) {

test/teststl.cpp

@@ -945,6 +945,28 @@ class TestStl : public TestFixture {
                     "    (void)v[0];\n"
                     "}\n");
         ASSERT_EQUALS("", errout_str());
+
+        checkNormal("int f(const std::vector<int>& v) {\n" // #8983
+                    "    return v[2];\n"
+                    "}\n"
+                    "int g() {\n"
+                    "    return f({});\n"
+                    "}\n"
+                    "int h() {\n"
+                    "    return f({ 1, 2 });\n"
+                    "}\n");
+        ASSERT_EQUALS("[test.cpp:2:13]: error: Out of bounds access in 'v[2]', if 'v' size is 2 and '2' is 2 [containerOutOfBounds]\n"
+                      "[test.cpp:2:13]: error: Out of bounds access in expression 'v[2]' because 'v' is empty. [containerOutOfBounds]\n",
+                      errout_str());
+
+        checkNormal("int f(int x, const std::vector<int>& v) {\n"
+                    "    return x + v[0];\n"
+                    "}\n"
+                    "int g() {\n"
+                    "    return f(1, {});\n"
+                    "}\n");
+        ASSERT_EQUALS("[test.cpp:2:17]: error: Out of bounds access in expression 'v[0]' because 'v' is empty. [containerOutOfBounds]\n",
+                      errout_str());
     }
 
     void outOfBoundsSymbolic()