Fixed #2090 (False negative: null pointer dereference 's=0; strcpy(s,p);')

2010-12-26 19:29:58 +01:00 · 2010-12-26 19:29:58 +01:00 · 5f3d2a7e35
parent dd13a98fd9
commit 5f3d2a7e35
2 changed files with 32 additions and 2 deletions
--- a/lib/checknullpointer.cpp
+++ b/lib/checknullpointer.cpp
@ -79,7 +79,8 @@ void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token
    }

    // 1st parameter..
-    if (Token::Match(&tok, "%var% ( %var% ,|)") && tok.tokAt(2)->varId() > 0)
+    if ((Token::Match(&tok, "%var% ( %var% ,|)") && tok.tokAt(2)->varId() > 0) ||
+        (value == 0 && Token::Match(&tok, "%var% ( 0 ,|)")))
    {
        if (functionNames1.find(tok.str()) != functionNames1.end())
            var.push_back(tok.tokAt(2));
@ -90,7 +91,8 @@ void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token
    }

    // 2nd parameter..
-    if (Token::Match(&tok, "%var% ( %any% , %var% ,|)") && tok.tokAt(4)->varId() > 0)
+    if ((Token::Match(&tok, "%var% ( %any% , %var% ,|)") && tok.tokAt(4)->varId() > 0) ||
+        (value == 0 && Token::Match(&tok, "%var% ( %any% , 0 ,|)")))
    {
        if (functionNames2.find(tok.str()) != functionNames2.end())
            var.push_back(tok.tokAt(4));
@ -602,6 +604,21 @@ void CheckNullPointer::nullConstantDereference()
                    nullPointerError(tok);
                }
            }
+
+            else if (indentlevel > 0 && Token::Match(tok, "%var% ("))
+            {
+                std::list<const Token *> var;
+                parseFunctionCall(*tok, var, 0);
+
+                // is one of the var items a NULL pointer?
+                for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
+                {
+                    if ((*it)->str() == "0")
+                    {
+                        nullPointerError(*it);
+                    }
+                }
+            }
        }
    }
 }
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@ -45,6 +45,7 @@ private:
        TEST_CASE(nullpointer8);
        TEST_CASE(nullpointer9);
        TEST_CASE(pointerCheckAndDeRef);	// check if pointer is null and then dereference it
+        TEST_CASE(nullConstantDereference);		// Dereference NULL constant
    }

    void check(const char code[])
@ -802,6 +803,18 @@ private:
              "}\n");
        ASSERT_EQUALS("", errout.str());
    }
+
+    // Test CheckNullPointer::nullConstantDereference
+    void nullConstantDereference()
+    {
+        // Ticket #2090
+        check("void foo() {\n"
+              "  char *p = 0;\n"
+              "  strcpy(p, \"abcd\");\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:3]: (error) Null pointer dereference\n", errout.str());
+    }
+
 };

 REGISTER_TEST(TestNullPointer)