From d9be3c3720cf6bce2375b50c1f80fcc5e5bdf0c6 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Wed, 28 Jan 2026 11:45:01 +0100
Subject: [PATCH 1/2] Update ctu.cpp

---
 lib/ctu.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/ctu.cpp b/lib/ctu.cpp
index df8ee0f74b6..b88bd049255 100644
--- a/lib/ctu.cpp
+++ b/lib/ctu.cpp
@@ -559,6 +559,20 @@ static bool findPath(const std::string &callId,
     return false;
 }
 
+static std::string getInvalidValueString(CTU::FileInfo::InvalidValueType invalidValue)
+{
+    using InvalidValueType = CTU::FileInfo::InvalidValueType;
+    switch (invalidValue) {
+    case InvalidValueType::null:
+        return "null";
+    case InvalidValueType::uninit:
+        return "uninitialized";
+    case InvalidValueType::bufferOverflow:
+        return "accessed out of bounds";
+    }
+    cppcheck::unreachable();
+}
+
 std::list<ErrorMessage::FileLocation> CTU::FileInfo::getErrorPath(InvalidValueType invalidValue,
                                                                   const CTU::FileInfo::UnsafeUsage &unsafeUsage,
                                                                   const std::map<std::string, std::list<const CTU::FileInfo::CallBase *>> &callsMap,
@@ -581,7 +595,7 @@ std::list<ErrorMessage::FileLocation> CTU::FileInfo::getErrorPath(InvalidValueTy
 
     std::list<ErrorMessage::FileLocation> locationList;
 
-    const std::string value1 = (invalidValue == InvalidValueType::null) ? "null" : "uninitialized";
+    const std::string value1 = getInvalidValueString(invalidValue);
 
     for (int index = 9; index >= 0; index--) {
         if (!path[index])

From 4eab2d5c07ea6901732f904b5a8a04a316166ed7 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Wed, 28 Jan 2026 11:46:56 +0100
Subject: [PATCH 2/2] Update testbufferoverrun.cpp

---
 test/testbufferoverrun.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index ec02406dcc8..66b3ea2e4e0 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -5515,6 +5515,19 @@ class TestBufferOverrun : public TestFixture {
             "    f(s);\n"
             "}\n");
         ASSERT_EQUALS("", errout_str());
+
+        setMultiline();
+        ctu("void g(char* p) {\n"
+            "    memset(p + 10, 0, 10);\n"
+            "}\n"
+            "void f() {\n"
+            "    char a[10] = {};\n"
+            "    g(a);\n"
+            "}");
+        ASSERT_EQUALS("[test.cpp:2:12]: error: Pointer arithmetic overflow; 'p' buffer size is 10 [ctuPointerArith]\n"
+                      "[test.cpp:6:6]: note: Calling function g, 1st argument is accessed out of bounds\n"
+                      "[test.cpp:2:12]: note: Using argument p\n",
+                      errout_str());
     }
 
     void objectIndex() {