Fix #14342 FN containerOutOfBounds (std::string_view of array, constructor call) (#8190)

Author: chrchr-github

lib/valueflow.cpp

@@ -6490,6 +6490,9 @@ static std::vector<ValueFlow::Value> getContainerSizeFromConstructorArgs(const s
         if (astIsPointer(args[0])) {
             if (args.size() == 1 && args[0]->tokType() == Token::Type::eString)
                 return {makeContainerSizeValue(Token::getStrLength(args[0]), known)};
+            if (args.size() == 1 && args[0]->variable() && args[0]->variable()->isArray() &&
+                args[0]->variable()->isConst() && args[0]->variable()->dimensions().size() == 1)
+                return {makeContainerSizeValue(args[0]->variable()->dimensions()[0].num, known)};
             if (args.size() == 2 && astIsIntegral(args[1], false)) // { char*, count }
                 return {makeContainerSizeValue(args[1], known)};
         } else if (astIsContainer(args[0])) {
@@ -6707,23 +6710,25 @@ static void valueFlowContainerSize(const TokenList& tokenlist,
                 for (const ValueFlow::Value& value : values)
                     setTokenValue(tok, value, settings);
             }
-            else if (Token::Match(tok->previous(), ",|( {|%str%")) {
-                int nArg{};
-                if (const Token* funcTok = getTokenArgumentFunction(tok, nArg)) {
-                    if (const Function* func = funcTok->function()) {
-                        if (const Variable* var = func->getArgumentVar(nArg)) {
-                            if (var->valueType() && var->valueType()->container && var->valueType()->container->size_templateArgNo < 0) {
-                                auto values = tok->tokType() == Token::Type::eString
-                                   ? std::vector<ValueFlow::Value>{makeContainerSizeValue(Token::getStrLength(tok))}
-                                   : getInitListSize(tok, var->valueType(), settings, true);
-                                ValueFlow::Value tokValue;
-                                tokValue.valueType = ValueFlow::Value::ValueType::TOK;
-                                tokValue.tokvalue = tok;
-                                tokValue.setKnown();
-                                values.push_back(std::move(tokValue));
-
-                                for (const ValueFlow::Value &value : values)
-                                    setTokenValue(tok, value, settings);
+            else if (Token::Match(tok->previous(), ",|(") && (Token::Match(tok, "{|%str%") || settings.library.detectContainer(tok))) {
+                if (Token* argTok = tok->previous()->astOperand2()) {
+                    int nArg{};
+                    if (const Token* funcTok = getTokenArgumentFunction(argTok, nArg)) {
+                        if (const Function* func = funcTok->function()) {
+                            if (const Variable* var = func->getArgumentVar(nArg)) {
+                                if (var->valueType() && var->valueType()->container && var->valueType()->container->size_templateArgNo < 0) {
+                                    auto values = argTok->tokType() == Token::Type::eString
+                                        ? std::vector<ValueFlow::Value>{makeContainerSizeValue(Token::getStrLength(argTok))}
+                                    : getInitListSize(argTok, var->valueType(), settings, true);
+                                    ValueFlow::Value tokValue;
+                                    tokValue.valueType = ValueFlow::Value::ValueType::TOK;
+                                    tokValue.tokvalue = argTok;
+                                    tokValue.setKnown();
+                                    values.push_back(std::move(tokValue));
+
+                                    for (const ValueFlow::Value& value : values)
+                                        setTokenValue(argTok, value, settings);
+                                }
                             }
                         }
                     }

test/teststl.cpp

@@ -980,6 +980,24 @@ class TestStl : public TestFixture {
                     "}\n");
         ASSERT_EQUALS("[test.cpp:4:13]: error: Out of bounds access in 'x[3]', if 'x' size is 1 and '3' is 3 [containerOutOfBounds]\n",
                       errout_str());
+
+        checkNormal("int main() {\n"
+                    "    const char a[] = \"abc\";\n"
+                    "    std::string_view x{ a };\n"
+                    "    return x[5];\n"
+                    "}\n");
+        ASSERT_EQUALS("[test.cpp:4:13]: error: Out of bounds access in 'x[5]', if 'x' size is 4 and '5' is 5 [containerOutOfBounds]\n",
+                      errout_str());
+
+        checkNormal("int f(const std::string& v) {\n"
+                    "    return v[2];\n"
+                    "}\n"
+                    "int main() {\n"
+                    "    std::string_view x{ \"a\" };\n"
+                    "    return f(std::string(x));\n"
+                    "}\n");
+        ASSERT_EQUALS("[test.cpp:2:13]: error: Out of bounds access in 'v[2]', if 'v' size is 1 and '2' is 2 [containerOutOfBounds]\n",
+                      errout_str());
     }
 
     void outOfBoundsSymbolic()