Fix 11040: FP nullPointer after loop (#4085)

Paul Fultz II 2022-05-04 23:55:02 -05:00 committed by GitHub
parent 8d16ee946c
commit 843f7893d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 0 deletions


@ -3581,11 +3581,20 @@ static void valueFlowForwardLifetime(Token * tok, TokenList *tokenlist, ErrorLog
if (!expr) if (!expr)
return; return;
if (expr->exprId() == 0)
return;
const Token* endOfVarScope = getEndOfExprScope(expr); const Token* endOfVarScope = getEndOfExprScope(expr);
// Only forward lifetime values // Only forward lifetime values
std::list<ValueFlow::Value> values = parent->astOperand2()->values(); std::list<ValueFlow::Value> values = parent->astOperand2()->values();
values.remove_if(&isNotLifetimeValue); values.remove_if(&isNotLifetimeValue);
// Dont forward lifetimes that overlap
values.remove_if([&](const ValueFlow::Value& value) {
return findAstNode(value.tokvalue, [&](const Token* child) {
return child->exprId() == expr->exprId();
});
});
// Skip RHS // Skip RHS
const Token *nextExpression = nextAfterAstRightmostLeaf(parent); const Token *nextExpression = nextAfterAstRightmostLeaf(parent);
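Review bot: The predicate passed to the new `values.remove_if` returns the `findAstNode` result directly, so the filter relies on an implicit pointer-to-bool conversion; `return findAstNode(...) != nullptr;` would state the intent. The comment `// Dont forward lifetimes that overlap` does not say what overlaps what, and something like `// Don't forward a lifetime whose source expression contains the assigned expression itself (#11040)` would record why the value is dropped. The `exprId() == 0` early return appears to be what keeps the `child->exprId() == expr->exprId()` comparison from matching unrelated tokens that have no expression id, which deserves a one-line comment. `value.tokvalue` is presumably non-null for every value that survives `isNotLifetimeValue`; this should be confirmed against how `findAstNode` treats a null root. The function starts before and continues after this hunk.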


@ -137,6 +137,7 @@ private:
TEST_CASE(nullpointer91); // #10678 TEST_CASE(nullpointer91); // #10678
TEST_CASE(nullpointer92); TEST_CASE(nullpointer92);
TEST_CASE(nullpointer93); // #3929 TEST_CASE(nullpointer93); // #3929
TEST_CASE(nullpointer94); // #11040
TEST_CASE(nullpointer_addressOf); // address of TEST_CASE(nullpointer_addressOf); // address of
TEST_CASE(nullpointerSwitch); // #2626 TEST_CASE(nullpointerSwitch); // #2626
TEST_CASE(nullpointer_cast); // #4692 TEST_CASE(nullpointer_cast); // #4692
@ -2732,6 +2733,19 @@ private:
ASSERT_EQUALS("[test.cpp:7]: (error) Null pointer dereference: myNull\n", errout.str()); ASSERT_EQUALS("[test.cpp:7]: (error) Null pointer dereference: myNull\n", errout.str());
} }
void nullpointer94() // #11040
{
check("struct entry { struct entry* next; size_t len; };\n"
"void f(struct entry **kep, size_t slen) {\n"
" while (*kep)\n"
" kep = &(*kep)->next;\n"
" *kep = (struct entry*)malloc(sizeof(**kep));\n"
" (*kep)->next = 0;\n"
" (*kep)->len = slen;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void nullpointer_addressOf() { // address of void nullpointer_addressOf() { // address of
check("void f() {\n" check("void f() {\n"
" struct X *x = 0;\n" " struct X *x = 0;\n"
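Review bot: `nullpointer94` only pins the suppressed side of the change, because its single assertion is `ASSERT_EQUALS("", errout.str());`. The new filter in `valueFlowForwardLifetime` removes lifetime values from forwarding, so an over-broad match would appear as a missed null-pointer report, not as a failing test here. A second `check(...)` in the same test would guard that direction: a similar loop followed by a genuine null dereference, with the expected `Null pointer dereference` message asserted. A short comment above the snippet noting that `kep = &(*kep)->next` is the self-referencing assignment that triggered #11040 would also help the next reader.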