From d9eacaecbbcb92eb26f4fb4e1816dcbac4e49d43 Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Wed, 23 Sep 2020 00:45:03 -0500
Subject: [PATCH] Fix issue 9842: ValueFlow: wrong handling of ?, seems to think that the whole expression is a condition (#2821)

---
 lib/valueflow.cpp | 7 +++++--
 test/testnullpointer.cpp | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index ad60ed806..0b22740d0 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -2033,9 +2033,12 @@ static void valueFlowBeforeCondition(TokenList *tokenlist, SymbolDatabase *symbo
 Token::Match(tok, "%oror%|&& %name% %oror%|&&|)")) {
 vartok = tok->next();
 num = 0;
- } else if (Token::Match(tok, "[!?]") && Token::Match(tok->astOperand1(), "%name%")) {
+ } else if (Token::simpleMatch(tok, "!") && Token::Match(tok->astOperand1(), "%name%")) {
 vartok = tok->astOperand1();
 num = 0;
+ } else if (Token::simpleMatch(tok->astParent(), "?") && Token::Match(tok, "%name%")) {
+ vartok = tok;
+ num = 0;
 } else {
 continue;
 }
@@ -2046,7 +2049,7 @@ static void valueFlowBeforeCondition(TokenList *tokenlist, SymbolDatabase *symbo
 if (varid == 0U || !var)
 continue;

- if (tok->str() == "?" && tok->isExpandedMacro()) {
+ if (Token::simpleMatch(tok->astParent(), "?") && tok->astParent()->isExpandedMacro()) {
 if (settings->debugwarnings)
 bailout(tokenlist, errorLogger, tok, "variable " + var->name() + ", condition is defined in macro");
 continue;
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
index 19e513b79..6a4883413 100644
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@@ -100,6 +100,7 @@ private:
 TEST_CASE(nullpointer57); // #9751
 TEST_CASE(nullpointer58); // #9807
 TEST_CASE(nullpointer59); // #9897
+ TEST_CASE(nullpointer60); // #9842
 TEST_CASE(nullpointer_addressOf); // address of
 TEST_CASE(nullpointerSwitch); // #2626
 TEST_CASE(nullpointer_cast); // #4692
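Review bot: In the first lib/valueflow.cpp hunk, the new branch `Token::simpleMatch(tok->astParent(), "?") && Token::Match(tok, "%name%")` never says why a name directly under `?` must be the condition rather than one of the result operands. It presumably relies on the AST placing both results under the `:` node. A comment such as `// a name whose AST parent is '?' is the condition; the results hang off ':'`, or an explicit `tok->astParent()->astOperand1() == tok`, would keep a later AST change from turning a result operand into a tested pointer and skewing null-pointer findings. The second hunk repeats the same `astParent()` test for the macro bailout, so the two conditions have to be kept in step by hand. valueFlowBeforeCondition starts and ends outside both hunks.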
@@ -1878,6 +1879,19 @@ private:
 ASSERT_EQUALS("", errout.str());
 }

+ void nullpointer60() {
+ check("void f(){\n"
+ " char uuid[128];\n"
+ " char *s1;\n"
+ " memset(uuid, 0, sizeof(uuid));\n"
+ " s1 = strchr(uuid, '=');\n"
+ " s1 = s1 ? s1 + 1 : &uuid[5];\n"
+ " if (!strcmp(\"00000000000000000000000000000000\", s1) )\n"
+ " return;\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void nullpointer_addressOf() { // address of
 check("void f() {\n"
 " struct X *x = 0;\n"
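Review bot: nullpointer60 pins only the false-positive side of the fix: it asserts an empty `errout` when `s1` is reassigned by the ternary before `strcmp` uses it. Because the ValueFlow change moves the match from the `?` token to the condition name, a companion case in which the pointer really is dereferenced before a `p ? ... : ...` test, asserting the expected warning, would show that the checker has not quietly lost a true positive. If that is already covered elsewhere in the suite, a short comment on this test such as `// #9842: ternary result is reassigned, the tested pointer is never dereferenced as null` would be enough. The enclosing test class starts and ends outside the hunk.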