From 07f6876dc812d5a254126c22a14107b4cc0e1ce1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <daniel.marjamaki@gmail.com>
Date: Mon, 7 Sep 2020 21:19:07 +0200
Subject: [PATCH] Bug hunting; avoid uninit var fp for struct variables

---
 lib/bughuntingchecks.cpp      | 19 +++++++++++++------
 test/testbughuntingchecks.cpp | 19 +++++++++++++++++--
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/lib/bughuntingchecks.cpp b/lib/bughuntingchecks.cpp
index 3f0819996..ba78a4cfc 100644
--- a/lib/bughuntingchecks.cpp
+++ b/lib/bughuntingchecks.cpp
@@ -247,13 +247,20 @@ static void uninit(const Token *tok, const ExprEngine::Value &value, ExprEngine:
             return;
     }
 
-    // smart pointer is not uninitialized
-    if (tok->variable() && !tok->variable()->isPointer() && tok->variable()->isSmartPointer())
-        return;
+    // variable that is not uninitialized..
+    if (tok->variable() && !tok->variable()->isPointer() && !tok->variable()->isReference()) {
+        // smart pointer is not uninitialized
+        if (tok->variable()->isSmartPointer())
+            return;
 
-    // template variable is not uninitialized
-    if (tok->variable() && !tok->variable()->isPointer() && Token::findmatch(tok->variable()->typeStartToken(), "%name% <", tok->variable()->typeEndToken()))
-        return;
+        // struct
+        if (tok->variable()->type() && tok->variable()->type()->needInitialization == Type::NeedInitialization::False)
+            return;
+
+        // template variable is not uninitialized
+        if (Token::findmatch(tok->variable()->typeStartToken(), "%name% <", tok->variable()->typeEndToken()))
+            return;
+    }
 
     // lhs in assignment
     if (tok->astParent()->str() == "=" && tok == tok->astParent()->astOperand1())
diff --git a/test/testbughuntingchecks.cpp b/test/testbughuntingchecks.cpp
index c73d74d52..f4aba5233 100644
--- a/test/testbughuntingchecks.cpp
+++ b/test/testbughuntingchecks.cpp
@@ -42,7 +42,8 @@ private:
         TEST_CASE(uninit_malloc);
         TEST_CASE(uninit_struct);
         TEST_CASE(uninit_bailout);
-        TEST_CASE(uninit_fp_try_smartptr);
+        TEST_CASE(uninit_fp_smartptr);
+        TEST_CASE(uninit_fp_struct);
         TEST_CASE(uninit_fp_template_var);
         TEST_CASE(ctu);
 #endif
@@ -178,7 +179,7 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
-    void uninit_fp_try_smartptr() {
+    void uninit_fp_smartptr() {
         check("void foo() {\n"
               "    std::unique_ptr<std::string> buffer;\n"
               "    try { } catch (std::exception& e) { }\n"
@@ -187,6 +188,20 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void uninit_fp_struct() {
+        check("struct Pos {\n"
+              "    int x {0};\n"
+              "    int y {0};\n"
+              "};\n"
+              "\n"
+              "void dostuff() {\n"
+              "    auto obj = C {};\n"
+              "    Pos xy;\n"
+              "    foo(xy);\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void uninit_fp_template_var() {
         check("void foo() {\n"
               "    X*x = DYNAMIC_CAST(X, p);\n"