Fixed #1511 (false negative null pointer deref when dereferencing pointers to constants)

2010-03-26 16:44:46 +01:00 · 2010-03-26 16:44:46 +01:00 · c0e09c4cb3
parent a1528d3154
commit c0e09c4cb3
2 changed files with 23 additions and 1 deletions
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@ -1371,6 +1371,7 @@ static void parseFunctionCall(const Token &tok, std::list<const Token *> &var, u
        functionNames1.insert("strcmp");
        functionNames1.insert("strncmp");
        functionNames1.insert("strdup");
+        functionNames1.insert("strndup");
        functionNames1.insert("strlen");
        functionNames1.insert("strstr");
    }
@ -1489,9 +1490,13 @@ private:
    /** parse tokens */
    const Token *parse(const Token &tok, bool &foundError, std::list<ExecutionPath *> &checks) const
    {
-        if (Token::Match(tok.previous(), "[;{}] %type% * %var% ;"))
+        if (Token::Match(tok.previous(), "[;{}] const| %type% * %var% ;"))
        {
            const Token * vartok = tok.tokAt(2);
+
+            if (tok.str() == "const")
+                vartok = vartok->next();
+
            if (vartok->varId() != 0)
                checks.push_back(new CheckNullpointer(owner, vartok->varId(), vartok->str()));
            return vartok->next();
--- a/test/testother.cpp
+++ b/test/testother.cpp
@ -69,6 +69,7 @@ private:
        TEST_CASE(nullpointer5);    // References should not be checked
        TEST_CASE(nullpointer6);
        TEST_CASE(nullpointer7);
+        TEST_CASE(nullpointer8);

        TEST_CASE(uninitvar1);
        TEST_CASE(uninitvar_alloc);     // data is allocated but not initialized
@ -1053,6 +1054,22 @@ private:
        ASSERT_EQUALS("", errout.str());
    }

+    void nullpointer8()
+    {
+        checkNullPointer("void foo()\n"
+                         "{\n"
+                         "  const char * x = 0;\n"
+                         "  strdup(x);\n"
+                         "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Possible null pointer dereference: x\n", errout.str());
+        checkNullPointer("void foo()\n"
+                         "{\n"
+                         "  char const * x = 0;\n"
+                         "  strdup(x);\n"
+                         "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Possible null pointer dereference: x\n", errout.str());
+    }
+
    void checkUninitVar(const char code[])
    {
        // Tokenize..