walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #1704 (false negative: null pointer dereference)

This commit is contained in:
Daniel Marjamäki 2010-05-26 19:16:42 +02:00
parent 619cfbc56f
commit 88e9a4ade6
3 changed files with 43 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
lib/checkother.cpp
View File

@ -2188,7 +2188,34 @@ void CheckOther::nullPointer()
nullPointerByDeRefAndChec(); nullPointerByDeRefAndChec();
} }
/** Derefencing null constant (simplified token list) */
void CheckOther::nullConstantDereference()
{
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (tok->str() == "(" && Token::simpleMatch(tok->previous(), "sizeof"))
tok = tok->link();
else if (Token::simpleMatch(tok, "exit ( )"))
{
while (tok && tok->str() != "}")
{
if (tok->str() == "{")
tok = tok->link();
tok = tok->next();
}
}
else if (Token::simpleMatch(tok, "* 0"))
{
if (Token::Match(tok->previous(), "[;{}=+-/(,]") ||
Token::Match(tok->previous(), "return|<<"))
{
nullPointerError(tok);
}
}
}
}
/** /**
* \brief parse a function call and extract information about variable usage * \brief parse a function call and extract information about variable usage
@ -2409,19 +2436,6 @@ private:
bailOutVar(checks, tok.varId()); bailOutVar(checks, tok.varId());
} }
else if (Token::simpleMatch(&tok, "* 0"))
{
if (Token::Match(tok.previous(), "[;{}=+-/(,]") ||
Token::Match(tok.previous(), "return|<<"))
{
CheckOther *checkOther = dynamic_cast<CheckOther *>(owner);
if (checkOther)
{
checkOther->nullPointerError(&tok);
}
}
}
else if (tok.str() == "delete") else if (tok.str() == "delete")
{ {
const Token *ret = tok.next(); const Token *ret = tok.next();

5
lib/checkother.h
View File

@ -80,6 +80,8 @@ public:
checkOther.checkMathFunctions(); checkOther.checkMathFunctions();
checkOther.checkFflushOnInputStream(); checkOther.checkFflushOnInputStream();
checkOther.nullConstantDereference();
// New type of check: Check execution paths // New type of check: Check execution paths
checkOther.executionPaths(); checkOther.executionPaths();
} }
@ -141,6 +143,9 @@ public:
/** @brief possible null pointer dereference */ /** @brief possible null pointer dereference */
void nullPointer(); void nullPointer();
/** @brief dereferencing null constant (after Tokenizer::simplifyKnownVariables) */
void nullConstantDereference();
/** @brief new type of check: check execution paths */ /** @brief new type of check: check execution paths */
void executionPaths(); void executionPaths();

11
test/testother.cpp
View File

@ -702,6 +702,7 @@ private:
checkOther.nullPointer(); checkOther.nullPointer();
tokenizer.simplifyTokenList(); tokenizer.simplifyTokenList();
checkOther.nullConstantDereference();
checkOther.executionPaths(); checkOther.executionPaths();
} }
@ -978,6 +979,7 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
// Execution paths..
void nullpointer6() void nullpointer6()
{ {
// errors.. // errors..
@ -1038,6 +1040,15 @@ private:
"}\n"); "}\n");
ASSERT_EQUALS("[test.cpp:7]: (error) Possible null pointer dereference: c\n", errout.str()); ASSERT_EQUALS("[test.cpp:7]: (error) Possible null pointer dereference: c\n", errout.str());
checkNullPointer("void f()\n"
"{\n"
" if (x) {\n"
" char *c = 0;\n"
" *c = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (error) Null pointer dereference\n", errout.str());
// no false positive.. // no false positive..
checkNullPointer("static void foo()\n" checkNullPointer("static void foo()\n"
"{\n" "{\n"