Fixed #2090 (False negative: null pointer dereference 's=0; strcpy(s,p);')

Daniel Marjamäki 2010-12-26 19:29:58 +01:00
parent dd13a98fd9
commit 5f3d2a7e35
2 changed files with 32 additions and 2 deletions


@ -79,7 +79,8 @@ void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token
} }
// 1st parameter.. // 1st parameter..
if (Token::Match(&tok, "%var% ( %var% ,|)") && tok.tokAt(2)->varId() > 0) if ((Token::Match(&tok, "%var% ( %var% ,|)") && tok.tokAt(2)->varId() > 0) ||
(value == 0 && Token::Match(&tok, "%var% ( 0 ,|)")))
{ {
if (functionNames1.find(tok.str()) != functionNames1.end()) if (functionNames1.find(tok.str()) != functionNames1.end())
var.push_back(tok.tokAt(2)); var.push_back(tok.tokAt(2));
@ -90,7 +91,8 @@ void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token
} }
// 2nd parameter.. // 2nd parameter..
if (Token::Match(&tok, "%var% ( %any% , %var% ,|)") && tok.tokAt(4)->varId() > 0) if ((Token::Match(&tok, "%var% ( %any% , %var% ,|)") && tok.tokAt(4)->varId() > 0) ||
(value == 0 && Token::Match(&tok, "%var% ( %any% , 0 ,|)")))
{ {
if (functionNames2.find(tok.str()) != functionNames2.end()) if (functionNames2.find(tok.str()) != functionNames2.end())
var.push_back(tok.tokAt(4)); var.push_back(tok.tokAt(4));
@ -602,6 +604,21 @@ void CheckNullPointer::nullConstantDereference()
nullPointerError(tok); nullPointerError(tok);
} }
} }
else if (indentlevel > 0 && Token::Match(tok, "%var% ("))
{
std::list<const Token *> var;
parseFunctionCall(*tok, var, 0);
// is one of the var items a NULL pointer?
for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
{
if ((*it)->str() == "0")
{
nullPointerError(*it);
}
}
}
} }
} }
} }
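Review bot: The literal-0 patterns added to both conditions in parseFunctionCall keep the single-token limit of the variable patterns beside them. In `"%var% ( %any% , 0 ,|)"` the `%any%` stands for one token, so a null second argument after a multi-token first argument (constructed example: `memcpy(buf + 1, 0, n)`) is still not reported. If that is accepted for now, a comment above the condition would record it, e.g. `// value == 0: also collect a literal 0 argument; the preceding argument must be a single token`. In nullConstantDereference the `(*it)->str() == "0"` filter is needed because the same call also returns variable tokens with a non-zero varId, which deserves a short comment such as `// parseFunctionCall also returns variables; only a literal 0 is a certain null here`. Both function bodies start outside the hunks shown.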


@ -45,6 +45,7 @@ private:
TEST_CASE(nullpointer8); TEST_CASE(nullpointer8);
TEST_CASE(nullpointer9); TEST_CASE(nullpointer9);
TEST_CASE(pointerCheckAndDeRef); // check if pointer is null and then dereference it TEST_CASE(pointerCheckAndDeRef); // check if pointer is null and then dereference it
TEST_CASE(nullConstantDereference); // Dereference NULL constant
} }
void check(const char code[]) void check(const char code[])
@ -802,6 +803,18 @@ private:
"}\n"); "}\n");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
// Test CheckNullPointer::nullConstantDereference
void nullConstantDereference()
{
// Ticket #2090
check("void foo() {\n"
" char *p = 0;\n"
" strcpy(p, \"abcd\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (error) Null pointer dereference\n", errout.str());
}
}; };
REGISTER_TEST(TestNullPointer) REGISTER_TEST(TestNullPointer)
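Review bot: The new test exercises only the first-parameter branch (`strcpy(p, ...)` with `p` set to 0), so the second-parameter pattern added in the same commit has no coverage. There is also no negative case showing that a literal 0 passed to a function outside functionNames1/functionNames2 stays silent. A negative case could be `check("void foo() {\n    bar(0);\n}\n");` followed by `ASSERT_EQUALS("", errout.str());`, where `bar` is a constructed name. A positive case for the second parameter needs a function from functionNames2, whose contents are not visible on this page.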