From 5e0e2c47828e3776a97f2cd6949c1437558577d9 Mon Sep 17 00:00:00 2001 From: Reijo Tomperi Date: Sat, 29 Oct 2011 11:35:31 +0300 Subject: [PATCH] Fix #3256 (Null pointer dereference not detected) http://sourceforge.net/apps/trac/cppcheck/ticket/3256 It is now detected if --inconclusive command line argument is given (the argument is unofficial currently) --- lib/checknullpointer.cpp | 11 ++++++++--- test/testnullpointer.cpp | 8 ++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/lib/checknullpointer.cpp b/lib/checknullpointer.cpp index 04e84e745..36dbb1c88 100644 --- a/lib/checknullpointer.cpp +++ b/lib/checknullpointer.cpp @@ -817,9 +817,14 @@ void CheckNullPointer::nullPointerByCheckAndDeRef() if (Token::simpleMatch(tok2, ") ;") && (Token::Match(tok2->link()->tokAt(-2), "[;{}.] %var% (") || Token::Match(tok2->link()->tokAt(-5), "[;{}] ( * %var% ) ("))) { - // noreturn function? - if (tok2->strAt(2) == "}") - break; + if (!_settings->inconclusive) { + // noreturn function? + // If inside null pointer check we unknown function call, we must + // assume that it can terminate the program and possible null pointer + // error wont ever happen. + if (tok2->strAt(2) == "}") + break; + } // init function (global variables) const SymbolDatabase *symbolDatabase = _tokenizer->getSymbolDatabase(); diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp index 2ce6710a9..8b2d9b555 100644 --- a/test/testnullpointer.cpp +++ b/test/testnullpointer.cpp @@ -1176,6 +1176,14 @@ private: "}\n"); ASSERT_EQUALS("", errout.str()); + check("void foo(char *p) {\n" + " if (!p) {\n" + " abort();\n" + " }\n" + " *p = 0;\n" + "}\n", true); + ASSERT_EQUALS("[test.cpp:5]: (error) Possible null pointer dereference: p - otherwise it is redundant to check if p is null at line 2\n", errout.str()); + check("void foo(char *p) {\n" " if (!p) {\n" " (*bail)();\n"