From 995e39200b605e3b8526241a56286eaed19a50c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Wed, 27 Oct 2010 20:20:10 +0200
Subject: [PATCH] Fixed #2130 (Invalid possible NULL pointer dereference, etc.)
---
 lib/checkother.cpp | 3 ++-
 lib/checkother.h | 3 ---
 test/testother.cpp | 21 ++++++++++++++++++---
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
index 19d73dba3..b4a9899a4 100644
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@@ -2613,6 +2613,7 @@ void CheckOther::nullPointer()
 nullPointerLinkedList();
 nullPointerStructByDeRefAndChec();
 nullPointerByDeRefAndChec();
+ nullPointerByCheckAndDeRef();
 }
 /** Derefencing null constant (simplified token list) */
@@ -2948,7 +2949,7 @@ private:
 {
 while (tok)
 {
- if (tok->str() == "{" || tok->str() == "}")
+ if (Token::Match(tok, "{|}|return|goto|break|if"))
 return;
 const Token *next = parse(*tok, checks);
 if (next)
diff --git a/lib/checkother.h b/lib/checkother.h
index 883ff6c37..4f386fe1a 100644
--- a/lib/checkother.h
+++ b/lib/checkother.h
@@ -89,9 +89,6 @@ public:
 // New type of check: Check execution paths
 checkOther.executionPaths();
 checkOther.checkMisusedScopedObject();
-
- // FIXME: I get a deadlock if I uncomment this:
- checkOther.nullPointerByCheckAndDeRef();
 }
diff --git a/test/testother.cpp b/test/testother.cpp
index bb1f845f4..c41394e0a 100644
--- a/test/testother.cpp
+++ b/test/testother.cpp
@@ -613,9 +613,6 @@ private:
 tokenizer.simplifyTokenList();
 checkOther.nullConstantDereference();
 checkOther.executionPaths();
-
- tokenizer.simplifyTokenList();
- checkOther.nullPointerByCheckAndDeRef();
 }
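Review bot: Nothing at the new `nullPointerByCheckAndDeRef();` call in `CheckOther::nullPointer()` says that the check has to stay on this path. The only hint is the test comment added in test/testother.cpp (the `dynamic_cast` case in the hunk at -1204), which says the check cannot be used on the simplified token list but not why. I would put the reason next to the call, for example `// needs the unsimplified tokens: a null check hidden behind a cast must not be read as a plain "if (!p)" (#2130)`, after confirming that this is what simplification does to the condition. Without that comment the call is easy to move back next to `executionPaths()`, which would bring the false positive back. The body of `nullPointer()` starts above the hunk.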
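Review bot: With `if` in the pattern, `Token::Match(tok, "{|}|return|goto|break|if")` ends the scan at the first conditional in the body. A dereference that follows an unrelated `if` is then presumably no longer reported, so the false positive from #2130 is removed at the price of missed null dereferences. That trade-off deserves a why-comment above the condition, e.g. `// bail out on any branch or jump: paths inside the body are not tracked here`. `continue` diverts control flow the same way `break` does and is not in the list; if that is deliberate say so in the comment, otherwise use `"{|}|return|goto|break|continue|if"`. The enclosing function starts and ends outside the hunk, so which body is being scanned is inferred from the loop test case added in test/testother.cpp.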
@@ -1125,6 +1122,17 @@ private:
 " }\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:4]: (error) Possible null pointer dereference: p\n", errout.str());
+
+ checkNullPointer("void f(int a) {\n"
+ " const char *p = 0;\n"
+ " if (a) {\n"
+ " p = \"abcd\";\n"
+ " }\n"
+ " for (int i = 0; i < 3; i++) {\n"
+ " if (a && (p[i] == '1'));\n"
+ " }\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
 }
 void nullpointer7()
@@ -1204,6 +1212,13 @@ private:
 "}\n");
 ASSERT_EQUALS("", errout.str());
+ // This is why this check can't be used on the simplified token list
+ checkNullPointer("void f(Foo *foo) {\n"
+ " if (!dynamic_cast(foo)) {\n"
+ " *foo = 0;\n"
+ " }\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
 }
 void checkUninitVar(const char code[])
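Review bot: The added `checkNullPointer` case covers only the `if` bail-out, while the same commit also adds `return`, `goto` and `break` to the pattern in lib/checkother.cpp, and none of those has a test here. There is also no case showing that a dereference of a still-null `p` inside the `for` body, placed before any branch, is reported after the change. That is the regression a broader bail-out is most likely to cause in a null-dereference checker. I would add one expected-error case of that shape and one silent case per new keyword, each with a one-line comment such as `// #2130: no warning when the loop body branches before the dereference`. The test function these assertions belong to starts above the hunk.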