STL check: Look for string.c_str() / stringstream.str().c_str() "return" usage (object is destroyed on return)

lib/checkstl.cpp

@@ -1019,6 +1019,14 @@ void CheckStl::string_c_str()
                          tok->next()->varId() > 0 &&
                          localvar.find(tok->next()->varId()) != localvar.end()) {
                     string_c_strError(tok);
+                } else if (Token::Match(tok, "return %var% . c_str ( ) ;") &&
+                           tok->next()->varId() > 0 &&
+                           localvar.find(tok->next()->varId()) != localvar.end()) {
+                    string_c_strError(tok);
+                } else if (Token::Match(tok, "return %var% . str ( ) . c_str ( ) ;") &&
+                           tok->next()->varId() > 0 &&
+                           localvar.find(tok->next()->varId()) != localvar.end()) {
+                    string_c_strError(tok);
                 } else if (Token::Match(tok, "[;{}] %var% = %var% . str ( ) . c_str ( ) ;") &&
                            tok->next()->varId() > 0 &&
                            pointers.find(tok->next()->varId()) != pointers.end()) {

test/teststl.cpp

@@ -1311,6 +1311,18 @@ private:
               "}");
         ASSERT_EQUALS("[test.cpp:3]: (error) Dangerous usage of c_str()\n", errout.str());
 
+        check("const char *get_msg() {\n"
+              "    std::string errmsg;\n"
+              "    return errmsg.c_str();\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:3]: (error) Dangerous usage of c_str()\n", errout.str());
+
+        check("const char *get_msg() {\n"
+              "    std::ostringstream errmsg;\n"
+              "    return errmsg.str().c_str();\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:3]: (error) Dangerous usage of c_str()\n", errout.str());
+
         check("void f() {\n"
               "    std::ostringstream errmsg;\n"
               "    const char *c = errmsg.str().c_str();\n"