From a6a966e28e06e5cd5d85d4588deb73b7de447022 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <danielm77@spray.se>
Date: Sun, 7 Aug 2011 17:06:25 +0200
Subject: [PATCH 1/2] Null pointer: Fixed false positive when condition
 contains assignment 'if (p==NULL && (p=malloc(10))!=NULL) *p=0;'

---
 lib/checknullpointer.cpp | 3 +++
 test/testnullpointer.cpp | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/lib/checknullpointer.cpp b/lib/checknullpointer.cpp
index 12d0763a1..76bcb3860 100644
--- a/lib/checknullpointer.cpp
+++ b/lib/checknullpointer.cpp
@@ -665,6 +665,9 @@ void CheckNullPointer::nullPointerByCheckAndDeRef()
             if (pointerVariables.find(varid) == pointerVariables.end())
                 continue;
 
+            if (Token::Match(vartok->next(), "&& ( %varid% =", varid))
+                continue;
+
             // if this is true then it is known that the pointer is null
             bool null = true;
 
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
index 3a5569fa7..6b3301643 100644
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@@ -1203,6 +1203,15 @@ private:
               "    *p = 0;\n"
               "}\n");
         ASSERT_EQUALS("[test.cpp:4]: (error) Possible null pointer dereference: p - otherwise it is redundant to check if p is null at line 3\n", errout.str());
+
+        // check, assign and use
+        check("void f() {\n"
+              "    char *p;\n"
+              "    if (p == 0 && (p = malloc(10)) != 0) {\n"
+              "        *p = 0;\n"
+              "    }\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
     }
 
     // Test CheckNullPointer::nullConstantDereference

From 999b80bbb801a1f38163be2337815ec58b3767b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <danielm77@spray.se>
Date: Sun, 7 Aug 2011 17:54:25 +0200
Subject: [PATCH 2/2] Buffer overrun: Fix false negative

---
 lib/checkbufferoverrun.cpp | 11 +++++++++++
 test/testbufferoverrun.cpp |  9 +++++++++
 2 files changed, 20 insertions(+)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 93d3d890b..fb16deb9a 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1244,9 +1244,20 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
             ArrayInfo arrayInfo(var, _tokenizer);
             const Token *tok = var->nameToken();
             while (tok && tok->str() != ";")
+            {
+                if (tok->str() == "{")
+                {
+                    if (Token::simpleMatch(tok->previous(), "= {"))
+                        tok = tok->link();
+                    else
+                        break;
+                }
                 tok = tok->next();
+            }
             if (!tok)
                 break;
+            if (tok->str() == "{")
+                tok = tok->next();
             checkScope(tok, arrayInfo);
         }
     }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index dc6f5cf90..1518ee522 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -442,6 +442,15 @@ private:
                   "}\n");
             ASSERT_EQUALS("", errout.str());
         }
+
+        {
+            check("void foo(int a[10]) {\n"
+                  "    for (int i=0;i<50;++i) {\n"
+                  "        a[i] = 0;\n"
+                  "    }\n"
+                  "}");
+            ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds: a\n", errout.str());
+        }
     }
 
     void array_index_4()