From e286896d752e8d88c524ea52337e840166211421 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 3 Jan 2010 15:35:32 +0100
Subject: [PATCH 1/4] Fixed #1216 (false positive: uninitialized variable when using exit|abort)
---
lib/executionpath.cpp | 6 ++++++
test/testother.cpp | 8 ++++++++
2 files changed, 14 insertions(+)
diff --git a/lib/executionpath.cpp b/lib/executionpath.cpp
index 586027e5c..96f85e628 100644
--- a/lib/executionpath.cpp
+++ b/lib/executionpath.cpp
@@ -95,6 +95,12 @@ static const Token *checkExecutionPaths_(const Token *tok, std::listtokAt(2)->link();
diff --git a/test/testother.cpp b/test/testother.cpp
index d1a827767..894a41873 100644
--- a/test/testother.cpp
+++ b/test/testother.cpp
@@ -954,6 +954,14 @@ private: "}\n"); ASSERT_EQUALS("", errout.str()); + checkNullPointer("static void foo()\n" + "{\n" + " int *p = 0;\n" + " exit();\n" + " *p = 0;\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + checkNullPointer("static void foo(int a)\n" "{\n" " Foo *p = 0;\n"
From 79223b71d5436ebc814f2c8ce2e158cb0ded65a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 3 Jan 2010 15:49:17 +0100
Subject: [PATCH 2/4] added test case for #1193 (false negative: array out of bounds in loop when there is calculation)
---
test/testbufferoverrun.cpp | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 4726584c2..5b88c9961 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -95,6 +95,7 @@ private: TEST_CASE(array_index_23); TEST_CASE(array_index_multidim); TEST_CASE(array_index_switch_in_for); + TEST_CASE(array_index_calculation); TEST_CASE(buffer_overrun_1); TEST_CASE(buffer_overrun_2);
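Review bot: The added checkNullPointer case in test/testother.cpp exercises only `exit();` in the null-pointer check, while the subject names both exit and abort and describes an uninitialized-variable false positive. A parallel case with `abort();`, and one run through checkUninitVar, would pin the behaviour the title claims. A converse case, with `*p = 0;` placed before `exit();` and an error expected, would show that the new rule does not also hide dereferences that execute before the process terminates. The lib/executionpath.cpp hunk is not legible on this page, so which calls it treats as terminating could not be checked.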
@@ -819,9 +820,25 @@ private: " };\n" " }\n" "}\n"); + ASSERT_EQUALS("", errout.str()); TODO_ASSERT_EQUALS("[test.cpp:12]: (error) Array index out of bounds\n", errout.str()); } + void array_index_calculation() + { + // #1193 - false negative: array out of bounds in loop when there is calculation + check("void f()\n" + "{\n" + " int ar[5];\n" + " for (int i = 10; i < 20; ++i)\n" + " {\n" + " ar[(i - 10) / 2] = 0;\n" + " }\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + TODO_ASSERT_EQUALS("[test.cpp:6]: (error) Array index out of bounds\n", errout.str()); + } + void buffer_overrun_1() { check("void f()\n"
From e6d5c761388949a55e369e701e3b28db984e5bb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 3 Jan 2010 15:52:52 +0100
Subject: [PATCH 3/4] refactoring
---
test/testbufferoverrun.cpp | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 5b88c9961..912e32365 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -829,14 +829,13 @@ private: // #1193 - false negative: array out of bounds in loop when there is calculation check("void f()\n" "{\n" - " int ar[5];\n" - " for (int i = 10; i < 20; ++i)\n" - " {\n" - " ar[(i - 10) / 2] = 0;\n" + " char data[8];\n" + " for (int i = 19; i < 36; ++i) {\n" + " data[(i-0)/2] = 0;\n" " }\n" "}\n"); ASSERT_EQUALS("", errout.str()); - TODO_ASSERT_EQUALS("[test.cpp:6]: (error) Array index out of bounds\n", errout.str()); + TODO_ASSERT_EQUALS("[test.cpp:5]: (error) Array index out of bounds\n", errout.str()); } void buffer_overrun_1()
From e248f7d3e514935ea89c12675efc4377750955ef Mon Sep 17 00:00:00 2001
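Review bot: The sample in array_index_calculation never writes out of bounds, so the TODO_ASSERT_EQUALS expectation describes a false positive rather than the false negative named in the comment. With i running from 10 to 19, `(i - 10) / 2` yields 0 through 4, all valid for `int ar[5]`. If the checker were later changed to satisfy this TODO it would be reporting correct code, so the array size or loop bounds need to make the index actually exceed the array. The next patch in this series replaces the sample with one that does.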
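Review bot: The subject says "refactoring", but the sample in array_index_calculation changes meaning here: the removed loop stayed inside `int ar[5]`, whereas the new one indexes `data[(i-0)/2]` at 9 through 17 against `char data[8]`. Someone bisecting a change in reported overruns would not look under that title, so the subject should name the test fix. Inside the test, a comment such as `// i/2 runs 9..17, data has 8 elements: every write is out of bounds` would make the expected finding checkable at a glance. `(i-0)` is a no-op; if it is kept on purpose so the index still contains a calculation, the same comment should say so.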
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 3 Jan 2010 18:49:13 +0100
Subject: [PATCH 4/4] Fixed #1023 (improve check: Unintialized variable not detected when using +=)
---
lib/checkother.cpp | 20 ++++++++++++++++++++
test/testother.cpp | 22 ++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
index b673410a1..63ac7ccf3 100644
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@@ -1625,6 +1625,26 @@ private: return &tok; } + // += etc + if (Token::Match(tok.previous(), "[;{}]") || Token::Match(tok.tokAt(-2), "[;{}] *")) + { + // goto the equal.. + const Token *eq = tok.next(); + if (eq && eq->str() == "[" && eq->link() && eq->link()->next()) + eq = eq->link()->next(); + + // is it X= + if (Token::Match(eq, "+=|-=|*=|/=|&=|^=") || eq->str() == "|=") + { + if (tok.previous()->str() == "*") + use_pointer(foundError, checks, &tok); + else if (tok.next()->str() == "[") + use_array(foundError, checks, &tok); + else + use(foundError, checks, &tok); + } + } + if (Token::Match(tok.next(), "= malloc|kmalloc") || Token::simpleMatch(tok.next(), "= new char [")) { alloc_pointer(checks, tok.varId());
diff --git a/test/testother.cpp b/test/testother.cpp
index 894a41873..8f11a8719 100644
--- a/test/testother.cpp
+++ b/test/testother.cpp
@@ -1184,6 +1184,28 @@ private: "}\n"); ASSERT_EQUALS("", errout.str()); + // += + checkUninitVar("void f()\n" + "{\n" + " int c;\n" + " c += 2;\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: c\n", errout.str()); + + checkUninitVar("void f()\n" + "{\n" + " char *s = malloc(100);\n" + " *s += 10;\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:4]: (error) Data is allocated but not initialized: s\n", errout.str()); + + checkUninitVar("void f()\n" + "{\n" + " int a[10];\n" + " a[0] += 10;\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: a\n", errout.str()); + // goto.. checkUninitVar("void foo(int x)\n" "{\n"
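Review bot: `eq` can be dereferenced while null in the `is it X=` condition of the lib/checkother.cpp hunk. The line above guards it with `eq && ...`, but `eq->str() == "|="` is evaluated whenever the Token::Match alternative is false, which (assuming Token::Match tolerates a null token, as the unguarded call suggests) includes the case where `tok.next()` returned nothing. The checker runs on arbitrary and possibly truncated source, so the guard belongs on the whole test: `if (eq && (Token::Match(eq, "+=|-=|*=|/=|&=|^=") || eq->str() == "|="))`. The operator list also omits `%=`, `<<=` and `>>=`, so, if the tokenizer emits those as single tokens, a read-modify-write through them on an uninitialized variable is still missed. The enclosing function begins and ends outside this hunk.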
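Review bot: All three new checkUninitVar cases in test/testother.cpp use `+=`, so the separate `eq->str() == "|="` branch added in lib/checkother.cpp and the other listed operators are untested. One case with `c |= 2;` would cover that branch. A negative case such as `int c = 0; c += 2;` expecting an empty errout would guard against the new rule flagging initialized variables. The hunk ends inside the following `// goto..` test, which continues outside it.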