diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp index 53838460b..2f9acc5b6 100644 --- a/lib/valueflow.cpp +++ b/lib/valueflow.cpp @@ -2398,10 +2398,13 @@ static bool valueFlowForward(Token * const startToken, valueFlowAST(const_cast(op2), varid, v, settings); } - const std::pair expr0 = op2->astOperand1()->findExpressionStartEndTokens(); - const std::pair expr1 = op2->astOperand2()->findExpressionStartEndTokens(); - const bool changed0 = isVariableChanged(expr0.first, expr0.second->next(), varid, var->isGlobal(), settings, tokenlist->isCPP()); - const bool changed1 = isVariableChanged(expr1.first, expr1.second->next(), varid, var->isGlobal(), settings, tokenlist->isCPP()); + const Token * const expr0 = op2->astOperand1() ? op2->astOperand1() : tok2->astOperand1(); + const Token * const expr1 = op2->astOperand2(); + + const std::pair startEnd0 = expr0->findExpressionStartEndTokens(); + const std::pair startEnd1 = expr1->findExpressionStartEndTokens(); + const bool changed0 = isVariableChanged(startEnd0.first, startEnd0.second->next(), varid, var->isGlobal(), settings, tokenlist->isCPP()); + const bool changed1 = isVariableChanged(startEnd1.first, startEnd1.second->next(), varid, var->isGlobal(), settings, tokenlist->isCPP()); if (changed0 && changed1) { if (settings->debugwarnings) diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp index 38bcfa83a..d49005e26 100644 --- a/test/testvalueflow.cpp +++ b/test/testvalueflow.cpp @@ -2312,6 +2312,12 @@ private: "}"; ASSERT_EQUALS(true, testValueOfX(code, 3U, 5)); ASSERT_EQUALS(false, testValueOfX(code, 4U, 5)); + + code = "int f(int *p) {\n" // #9008 - gcc ternary ?: + " if (p) return;\n" + " x = *p ? : 1;\n" // <- no explicit expr0 + "}"; + testValueOfX(code, 1U, 0); // do not crash } void valueFlowForwardLambda() {