Fix 11040: FP nullPointer after loop (#4085)
This commit is contained in:
parent
8d16ee946c
commit
843f7893d6
|
@ -3581,11 +3581,20 @@ static void valueFlowForwardLifetime(Token * tok, TokenList *tokenlist, ErrorLog
|
||||||
if (!expr)
|
if (!expr)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
if (expr->exprId() == 0)
|
||||||
|
return;
|
||||||
|
|
||||||
const Token* endOfVarScope = getEndOfExprScope(expr);
|
const Token* endOfVarScope = getEndOfExprScope(expr);
|
||||||
|
|
||||||
// Only forward lifetime values
|
// Only forward lifetime values
|
||||||
std::list<ValueFlow::Value> values = parent->astOperand2()->values();
|
std::list<ValueFlow::Value> values = parent->astOperand2()->values();
|
||||||
values.remove_if(&isNotLifetimeValue);
|
values.remove_if(&isNotLifetimeValue);
|
||||||
|
// Dont forward lifetimes that overlap
|
||||||
|
values.remove_if([&](const ValueFlow::Value& value) {
|
||||||
|
return findAstNode(value.tokvalue, [&](const Token* child) {
|
||||||
|
return child->exprId() == expr->exprId();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
// Skip RHS
|
// Skip RHS
|
||||||
const Token *nextExpression = nextAfterAstRightmostLeaf(parent);
|
const Token *nextExpression = nextAfterAstRightmostLeaf(parent);
|
||||||
|
|
|
@ -137,6 +137,7 @@ private:
|
||||||
TEST_CASE(nullpointer91); // #10678
|
TEST_CASE(nullpointer91); // #10678
|
||||||
TEST_CASE(nullpointer92);
|
TEST_CASE(nullpointer92);
|
||||||
TEST_CASE(nullpointer93); // #3929
|
TEST_CASE(nullpointer93); // #3929
|
||||||
|
TEST_CASE(nullpointer94); // #11040
|
||||||
TEST_CASE(nullpointer_addressOf); // address of
|
TEST_CASE(nullpointer_addressOf); // address of
|
||||||
TEST_CASE(nullpointerSwitch); // #2626
|
TEST_CASE(nullpointerSwitch); // #2626
|
||||||
TEST_CASE(nullpointer_cast); // #4692
|
TEST_CASE(nullpointer_cast); // #4692
|
||||||
|
@ -2732,6 +2733,19 @@ private:
|
||||||
ASSERT_EQUALS("[test.cpp:7]: (error) Null pointer dereference: myNull\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:7]: (error) Null pointer dereference: myNull\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void nullpointer94() // #11040
|
||||||
|
{
|
||||||
|
check("struct entry { struct entry* next; size_t len; };\n"
|
||||||
|
"void f(struct entry **kep, size_t slen) {\n"
|
||||||
|
" while (*kep)\n"
|
||||||
|
" kep = &(*kep)->next;\n"
|
||||||
|
" *kep = (struct entry*)malloc(sizeof(**kep));\n"
|
||||||
|
" (*kep)->next = 0;\n"
|
||||||
|
" (*kep)->len = slen;\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
}
|
||||||
|
|
||||||
void nullpointer_addressOf() { // address of
|
void nullpointer_addressOf() { // address of
|
||||||
check("void f() {\n"
|
check("void f() {\n"
|
||||||
" struct X *x = 0;\n"
|
" struct X *x = 0;\n"
|
||||||
|
|
Loading…
Reference in New Issue