add bounds check

ludviggunne · ludviggunne · commit c2b5ac98f9f3 · 2025-12-06T16:31:55.000+01:00
diff --git a/.github/workflows/selfcheck.yml b/.github/workflows/selfcheck.yml
@@ -121,7 +121,7 @@ jobs:
 
       - name: Self check (unusedFunction / no test / no gui)
         run: |
-          supprs="--suppress=unusedFunction:lib/errorlogger.h:193 --suppress=unusedFunction:lib/importproject.cpp:1516 --suppress=unusedFunction:lib/importproject.cpp:1540"
+          supprs="--suppress=unusedFunction:lib/errorlogger.h:193 --suppress=unusedFunction:lib/importproject.cpp:1518 --suppress=unusedFunction:lib/importproject.cpp:1542"
           ./cppcheck -q --template=selfcheck --error-exitcode=1 --library=cppcheck-lib -D__CPPCHECK__ -D__GNUC__ --enable=unusedFunction,information --exception-handling -rp=. --project=cmake.output.notest_nogui/compile_commands.json --suppressions-list=.selfcheck_unused_suppressions --inline-suppr $supprs
         env:
           DISABLE_VALUEFLOW: 1
diff --git a/lib/importproject.cpp b/lib/importproject.cpp
@@ -270,6 +270,8 @@ void ImportProject::fsParseCommand(FileSettings& fs, const std::string& command,
         if (command[pos] == '"') {
             wholeArgQuoted = true;
             pos++;
+            if (pos >= command.size())
+                break;
         }
         if (command[pos] != '/' && command[pos] != '-')
             continue;

Original file line number	Diff line number	Diff line change
`@@ -270,6 +270,8 @@ void ImportProject::fsParseCommand(FileSettings& fs, const std::string& command,`
`270`	`270`	`if (command[pos] == '"') {`
`271`	`271`	`wholeArgQuoted = true;`
`272`	`272`	`pos++;`
	`273`	`+ if (pos >= command.size())`
	`274`	`+ break;`
`273`	`275`	`}`
`274`	`276`	`if (command[pos] != '/' && command[pos] != '-')`
`275`	`277`	`continue;`