Null pointer: fixed false negative when dereferencing struct and then checking if it's null. Ticket: #2379

This commit is contained in:
Daniel Marjamäki 2011-02-19 21:01:38 +01:00
parent e6eb160395
commit e7ef1b3627
2 changed files with 29 additions and 4 deletions

View File

@ -350,8 +350,19 @@ void CheckNullPointer::nullPointerStructByDeRefAndChec()
continue; continue;
} }
/**
* @todo There are lots of false negatives here. A dereference
* is only investigated if a few specific conditions are met.
*/
// dereference in assignment // dereference in assignment
if (Token::Match(tok1, "[{};] %var% = %var% . %var%")) if (Token::Match(tok1, "[;{}] %var% . %var%"))
{
tok1 = tok1->next();
}
// dereference in assignment
else if (Token::Match(tok1, "[{};] %var% = %var% . %var%"))
{ {
if (std::string(tok1->strAt(1)) == tok1->strAt(3)) if (std::string(tok1->strAt(1)) == tok1->strAt(3))
continue; continue;

View File

@ -193,13 +193,27 @@ private:
"}\n"); "}\n");
ASSERT_EQUALS("[test.cpp:3]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 4\n", errout.str()); ASSERT_EQUALS("[test.cpp:3]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 4\n", errout.str());
check("void foo(struct ABC *abc)\n" check("void foo(struct ABC *abc) {\n"
"{\n"
" bar(abc->a);\n" " bar(abc->a);\n"
" if (!abc)\n" " if (!abc)\n"
" ;\n" " ;\n"
"}\n"); "}\n");
ASSERT_EQUALS("[test.cpp:3]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 4\n", errout.str()); ASSERT_EQUALS("[test.cpp:2]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 3\n", errout.str());
check("void foo(ABC *abc) {\n"
" abc->do_something();\n"
" if (abc)\n"
" ;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:2]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 3\n", errout.str());
// TODO: False negative if member of member is dereferenced
check("void foo(ABC *abc) {\n"
" abc->next->a = 0;\n"
" if (abc->next)\n"
" ;\n"
"}\n");
TODO_ASSERT_EQUALS("[test.cpp:2]: (error) Possible null pointer dereference: abc - otherwise it is redundant to check if abc is null at line 3\n", "", errout.str());
// ok dereferencing in a condition // ok dereferencing in a condition
check("void foo(struct ABC *abc)\n" check("void foo(struct ABC *abc)\n"