From a2b30c780122f8b48bed894bd92f70ecc19d4ed1 Mon Sep 17 00:00:00 2001
From: Dmitry-Me <wipedout@yandex.ru>
Date: Fri, 12 Sep 2014 10:19:00 +0400
Subject: [PATCH] Detect -> accesses on uninitialized pointers

---
 lib/checknullpointer.cpp | 10 ----------
 lib/checkuninitvar.cpp   | 15 +++++++++++++++
 test/testuninitvar.cpp   | 40 +++++++++++++++++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 13 deletions(-)

diff --git a/lib/checknullpointer.cpp b/lib/checknullpointer.cpp
index ea0ed9632..545d91892 100644
--- a/lib/checknullpointer.cpp
+++ b/lib/checknullpointer.cpp
@@ -168,16 +168,6 @@ bool CheckNullPointer::isPointerDeRef(const Token *tok, bool &unknown)
 
     // read/write member variable
     if (firstOperand && parent->str() == "." && (!parent->astParent() || parent->astParent()->str() != "&")) {
-        const Token* rightTok = parent->astOperand2();
-        if (rightTok) {
-            const Function* func = rightTok->function();
-            if (func && func->isStatic)
-                return false;
-            const Variable* var = rightTok->variable();
-            if (var && var->isStatic()) {
-                return false;
-            }
-        }
         if (!parent->astParent() || parent->astParent()->str() != "(" || parent->astParent() == tok->previous())
             return true;
         unknown = true;
diff --git a/lib/checkuninitvar.cpp b/lib/checkuninitvar.cpp
index c08ada579..d04d07fb0 100644
--- a/lib/checkuninitvar.cpp
+++ b/lib/checkuninitvar.cpp
@@ -1671,6 +1671,21 @@ bool CheckUninitVar::isVariableUsage(const Token *vartok, bool pointer, bool all
     if (Token::Match(vartok->tokAt(-3), "typeof|__alignof__ ( * %var%"))
         return false;
 
+    // Accessing Rvalue member using "." or "->" 
+    if (vartok->strAt(1) == "." && vartok->strAt(-1) != "&") {
+        bool assignment = false;
+        const Token* parent = vartok->astParent();
+        while (parent) {
+            if (parent->str() == "=") {
+                assignment = true;
+                break;
+            }
+            parent = parent->astParent();
+        }
+        if(!assignment) 
+            return true;
+    }
+
     // Passing variable to function..
     if (Token::Match(vartok->previous(), "[(,] %var% [,)]") || Token::Match(vartok->tokAt(-2), "[(,] & %var% [,)]")) {
         const bool address(vartok->previous()->str() == "&");
diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
index b43723bd2..a1e9b1f20 100644
--- a/test/testuninitvar.cpp
+++ b/test/testuninitvar.cpp
@@ -3171,7 +3171,15 @@ private:
                         "void test() {\n"
                         "    Element *element; element->f();\n"
                         "}");
-        ASSERT_EQUALS("", errout.str());
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
+
+        checkUninitVar2("class Element {\n"
+                        "    static void f() { }\n"
+                        "};\n"
+                        "void test() {\n"
+                        "    Element *element; (*element).f();\n"
+                        "}");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
 
         checkUninitVar2("class Element {\n"
                         "    static int v;\n"
@@ -3179,7 +3187,15 @@ private:
                         "void test() {\n"
                         "    Element *element; element->v;\n"
                         "}");
-        ASSERT_EQUALS("", errout.str());
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
+
+        checkUninitVar2("class Element {\n"
+                        "    static int v;\n"
+                        "};\n"
+                        "void test() {\n"
+                        "    Element *element; (*element).v;\n"
+                        "}");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
 
         checkUninitVar2("class Element {\n"
                         "    void f() { }\n"
@@ -3189,6 +3205,14 @@ private:
                         "}");
         ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
 
+        checkUninitVar2("class Element {\n"
+                        "    void f() { }\n"
+                        "};\n"
+                        "void test() {\n"
+                        "    Element *element; (*element).f();\n"
+                        "}");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
+
         checkUninitVar2("class Element {\n"
                         "    int v;\n"
                         "};\n"
@@ -3197,6 +3221,14 @@ private:
                         "}");
         ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
 
+        checkUninitVar2("class Element {\n"
+                        "    int v;\n"
+                        "};\n"
+                        "void test() {\n"
+                        "    Element *element; (*element).v;\n"
+                        "}");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
+
         checkUninitVar2("void f() {\n" // #4911 - bad simplification => don't crash
                         "    int a;\n"
                         "    do { a=do_something() } while (a);\n"
@@ -3429,7 +3461,9 @@ private:
                         "    struct AB *ab = malloc(sizeof(struct AB));\n"
                         "    return ab->a;\n"
                         "}");
-        ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized struct member: ab.a\n", errout.str());
+        ASSERT_EQUALS(  "[test.cpp:4]: (error) Memory is allocated but not initialized: ab\n"
+                        "[test.cpp:4]: (error) Uninitialized struct member: ab.a\n",
+                        errout.str());
 
         checkUninitVar2("struct t_udf_file {  int dir_left; };\n"
                         "\n"