Detect -> accesses on uninitialized pointers

This commit is contained in:
Dmitry-Me 2014-09-12 10:19:00 +04:00
parent bb0b4c2b4a
commit a2b30c7801
3 changed files with 52 additions and 13 deletions

View File

@ -168,16 +168,6 @@ bool CheckNullPointer::isPointerDeRef(const Token *tok, bool &unknown)
// read/write member variable // read/write member variable
if (firstOperand && parent->str() == "." && (!parent->astParent() || parent->astParent()->str() != "&")) { if (firstOperand && parent->str() == "." && (!parent->astParent() || parent->astParent()->str() != "&")) {
const Token* rightTok = parent->astOperand2();
if (rightTok) {
const Function* func = rightTok->function();
if (func && func->isStatic)
return false;
const Variable* var = rightTok->variable();
if (var && var->isStatic()) {
return false;
}
}
if (!parent->astParent() || parent->astParent()->str() != "(" || parent->astParent() == tok->previous()) if (!parent->astParent() || parent->astParent()->str() != "(" || parent->astParent() == tok->previous())
return true; return true;
unknown = true; unknown = true;

View File

@ -1671,6 +1671,21 @@ bool CheckUninitVar::isVariableUsage(const Token *vartok, bool pointer, bool all
if (Token::Match(vartok->tokAt(-3), "typeof|__alignof__ ( * %var%")) if (Token::Match(vartok->tokAt(-3), "typeof|__alignof__ ( * %var%"))
return false; return false;
// Accessing Rvalue member using "." or "->"
if (vartok->strAt(1) == "." && vartok->strAt(-1) != "&") {
bool assignment = false;
const Token* parent = vartok->astParent();
while (parent) {
if (parent->str() == "=") {
assignment = true;
break;
}
parent = parent->astParent();
}
if(!assignment)
return true;
}
// Passing variable to function.. // Passing variable to function..
if (Token::Match(vartok->previous(), "[(,] %var% [,)]") || Token::Match(vartok->tokAt(-2), "[(,] & %var% [,)]")) { if (Token::Match(vartok->previous(), "[(,] %var% [,)]") || Token::Match(vartok->tokAt(-2), "[(,] & %var% [,)]")) {
const bool address(vartok->previous()->str() == "&"); const bool address(vartok->previous()->str() == "&");

View File

@ -3171,7 +3171,15 @@ private:
"void test() {\n" "void test() {\n"
" Element *element; element->f();\n" " Element *element; element->f();\n"
"}"); "}");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n"
" static void f() { }\n"
"};\n"
"void test() {\n"
" Element *element; (*element).f();\n"
"}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n" checkUninitVar2("class Element {\n"
" static int v;\n" " static int v;\n"
@ -3179,7 +3187,15 @@ private:
"void test() {\n" "void test() {\n"
" Element *element; element->v;\n" " Element *element; element->v;\n"
"}"); "}");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n"
" static int v;\n"
"};\n"
"void test() {\n"
" Element *element; (*element).v;\n"
"}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n" checkUninitVar2("class Element {\n"
" void f() { }\n" " void f() { }\n"
@ -3189,6 +3205,14 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n"
" void f() { }\n"
"};\n"
"void test() {\n"
" Element *element; (*element).f();\n"
"}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n" checkUninitVar2("class Element {\n"
" int v;\n" " int v;\n"
"};\n" "};\n"
@ -3197,6 +3221,14 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("class Element {\n"
" int v;\n"
"};\n"
"void test() {\n"
" Element *element; (*element).v;\n"
"}");
ASSERT_EQUALS("[test.cpp:5]: (error) Uninitialized variable: element\n", errout.str());
checkUninitVar2("void f() {\n" // #4911 - bad simplification => don't crash checkUninitVar2("void f() {\n" // #4911 - bad simplification => don't crash
" int a;\n" " int a;\n"
" do { a=do_something() } while (a);\n" " do { a=do_something() } while (a);\n"
@ -3429,7 +3461,9 @@ private:
" struct AB *ab = malloc(sizeof(struct AB));\n" " struct AB *ab = malloc(sizeof(struct AB));\n"
" return ab->a;\n" " return ab->a;\n"
"}"); "}");
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized struct member: ab.a\n", errout.str()); ASSERT_EQUALS( "[test.cpp:4]: (error) Memory is allocated but not initialized: ab\n"
"[test.cpp:4]: (error) Uninitialized struct member: ab.a\n",
errout.str());
checkUninitVar2("struct t_udf_file { int dir_left; };\n" checkUninitVar2("struct t_udf_file { int dir_left; };\n"
"\n" "\n"