`STR53`: Fails to capture fixed string size.

[MFaisalZaki]

Affected rules

• cpp/cert/range-check-string-element-access

Description

The rule hits on a fixed string length.
The provided code snippet shows a simple 16-base converter yet the rule states

Access of container of type const string does not ensure that the index is smaller than the bounds.

Even though the reminder operation minimum value will be always 0 and the string d will never be empty.

Example

#include <iostream>
#include <string>

int main() {

    std::string word(" ");
    auto num = 100000;
    static const std::string d = "0123456789ABCDEF";

    while (num > 0) {
        word = d[num % 16] + word;
        num /= 16;
    }

    return 0;
}

[lcartey]

This is actually the same problem as #66 - the underlying analysis library is the same, and the issue is that we don't track the size of strings. I'm going to close this as a duplicate.

For reference, if this had been implemented as:

word = d[num % d.size()] + word;

We would not have reported it, as we do identify remainder on the size of the container as a valid size check.