Bug hunting; void* => might point at uninitialized data

2020-12-17 07:26:56 +01:00 · 2020-12-17 07:26:56 +01:00 · 75f2ab20e8
parent 8619bfe957
commit 75f2ab20e8
3 changed files with 12 additions and 2 deletions
--- a/lib/exprengine.cpp
+++ b/lib/exprengine.cpp
@ -2123,7 +2123,7 @@ static ExprEngine::ValuePtr executeCast(const Token *tok, Data &data)

        ::ValueType vt(*tok->valueType());
        vt.pointer = 0;
-        auto range = getValueRangeFromValueType(&vt, data);
+        auto range = std::make_shared<ExprEngine::UninitValue>();

        if (tok->valueType()->pointer == 0)
            return range;
--- a/test/testexprengine.cpp
+++ b/test/testexprengine.cpp
@ -108,6 +108,7 @@ private:

        TEST_CASE(pointer1);
        TEST_CASE(pointer2);
+        TEST_CASE(pointer3);
        TEST_CASE(pointerAlias1);
        TEST_CASE(pointerAlias2);
        TEST_CASE(pointerAlias3);
@ -794,6 +795,15 @@ private:
                      expr(code, "=="));
    }

+    void pointer3() {
+        const char code[] = "void f(void *p) {\n"
+                            "    double *data = (double *)p;\n"
+                            "    return *data;"
+                            "}";
+        ASSERT_EQUALS("[$1],[:]=?,null", getRange(code, "p"));
+        ASSERT_EQUALS("[$4],[:]=?,null", getRange(code, "data"));
+    }
+
    void pointerAlias1() {
        ASSERT_EQUALS("3", getRange("int f() { int x; int *p = &x; x = 3; return *p; }", "return*p"));
    }