UninitVar: too many warnings (pointer dereference)

lib/astutils.cpp

@@ -3186,3 +3186,8 @@ bool FwdAnalysis::isEscapedAlias(const Token* expr)
     }
     return false;
 }
+
+bool isSizeOfEtc(const Token *tok)
+{
+    return Token::Match(tok, "sizeof|typeof|offsetof|decltype|__typeof__ (");
+}

lib/astutils.h

@@ -376,4 +376,6 @@ private:
     bool mValueFlowKnown;
 };
 
+bool isSizeOfEtc(const Token *tok);
+
 #endif // astutilsH

lib/checkuninitvar.cpp

@@ -50,11 +50,6 @@ namespace {
 
 //---------------------------------------------------------------------------
 
-bool isSizeOfEtc(const Token *tok)
-{
-    return Token::Match(tok, "sizeof|typeof|offsetof|decltype|__typeof__ (");
-}
-
 // get ast parent, skip possible address-of and casts
 static const Token *getAstParentSkipPossibleCastAndAddressOf(const Token *vartok, bool *unknown)
 {

lib/forwardanalyzer.cpp

@@ -5,6 +5,7 @@
 #include "symboldatabase.h"
 #include "token.h"
 #include "valueptr.h"
+#include "checknullpointer.h" // UninitValue => isPointerDeref
 
 #include <algorithm>
 #include <cstdio>
@@ -12,8 +13,6 @@
 #include <tuple>
 #include <utility>
 
-bool isSizeOfEtc(const Token *tok);
-
 struct OnExit {
     std::function<void()> f;
 
@@ -200,6 +199,11 @@ struct ForwardTraversal {
             // uninit value => skip further analysis
             auto v = std::find_if(tok->values().begin(), tok->values().end(), std::mem_fn(&ValueFlow::Value::isUninitValue));
             if (v != tok->values().end()) {
+                if (tok->valueType() && tok->valueType()->pointer > 0) {
+                    bool unknown = false;
+                    if (CheckNullPointer::isPointerDeRef(tok, unknown, settings))
+                        return Break(Analyzer::Terminate::Modified);
+                }
                 if (Token::Match(tok->astParent(), "[,(]") && !isSizeOfEtc(tok->astParent()->previous()))
                     return Break(Analyzer::Terminate::Modified);
             }

test/testvalueflow.cpp

@@ -4661,9 +4661,9 @@ private:
                "};\n"
                "\n"
                "void copy_wcs(wcsstruct *wcsin) {\n"
-               "   wcsstruct *x;\n"
-               "   memcpy(wcsin, x, sizeof(wcsstruct));\n" // <- True positive
-               "   x->wcsprm = NULL;\n" // <- False positive
+               "    wcsstruct *x;\n"
+               "    memcpy(wcsin, x, sizeof(wcsstruct));\n" // <- True positive
+               "    x->wcsprm = NULL;\n" // <- False positive
                "}";
         values = tokenValues(code, "x . wcsprm", ValueFlow::Value::ValueType::UNINIT);
         ASSERT_EQUALS(0, values.size());
@@ -4673,12 +4673,29 @@ private:
                "};\n"
                "\n"
                "void copy_wcs(wcsstruct *wcsin) {\n"
-               "   wcsstruct *x;\n"
-               "   sizeof(x);\n"
-               "   x->wcsprm = NULL;\n" // <- Warn
+               "    wcsstruct *x;\n"
+               "    sizeof(x);\n"
+               "    x->wcsprm = NULL;\n" // <- Warn
                "}";
         values = tokenValues(code, "x . wcsprm", ValueFlow::Value::ValueType::UNINIT);
         ASSERT_EQUALS(1, values.size());
+
+        code = "struct wcsstruct {\n"
+               "    int *wcsprm;\n"
+               "};\n"
+               "\n"
+               "void init_wcs(wcsstruct *x) { if (x->wcsprm != NULL); }\n" // <- False positive
+               "\n"
+               "void copy_wcs() {\n"
+               "    wcsstruct *x;\n"
+               "    x->wcsprm = NULL;\n" // <- True positive
+               "    init_wcs(x);\n" // <- False positive
+               "}";
+        values = tokenValues(code, "x . wcsprm != NULL", ValueFlow::Value::ValueType::UNINIT);
+        ASSERT_EQUALS(0, values.size());
+        values = tokenValues(code, "x )", ValueFlow::Value::ValueType::UNINIT);
+        ASSERT_EQUALS(0, values.size());
+
     }
 
     void valueFlowConditionExpressions() {