From f9337b725b39c5e04e94ffe508a5467742e49868 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Mon, 11 Jul 2022 22:58:08 +0200
Subject: [PATCH] Fix nullptr deref (#4262)

* Fix some FNs related to c_str()

* Format, fix FP

* Fix nullptr deref

* Fix merge
---
 lib/checkstl.cpp | 9 +++++----
 test/teststl.cpp | 7 +++++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/checkstl.cpp b/lib/checkstl.cpp
index 845bf5a8a..40a6469cb 100644
--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
@@ -1954,7 +1954,7 @@ void CheckStl::string_c_str()
                     if (var->isPointer())
                         string_c_strError(tok);
                 } else if (printPerformance && Token::Match(tok->tokAt(2), "%var% . c_str|data ( ) ;")) {
-                    if (tok->variable()->isStlStringType() && tok->tokAt(2)->variable()->isStlStringType())
+                    if (tok->variable() && tok->variable()->isStlStringType() && tok->tokAt(2)->variable() && tok->tokAt(2)->variable()->isStlStringType())
                         string_c_strAssignment(tok);
                 }
             } else if (printPerformance && tok->function() && Token::Match(tok, "%name% ( !!)") && tok->str() != scope.className) {
@@ -1989,11 +1989,12 @@ void CheckStl::string_c_str()
 
                     }
                 }
-            } else if (printPerformance && Token::Match(tok, "%var% (|{ %var% . c_str|data ( )") && tok->variable()->isStlStringType() && tok->tokAt(2)->variable()->isStlStringType()) {
+            } else if (printPerformance && Token::Match(tok, "%var% (|{ %var% . c_str|data ( )") &&
+                       tok->variable() && tok->variable()->isStlStringType() && tok->tokAt(2)->variable() && tok->tokAt(2)->variable()->isStlStringType()) {
                 string_c_strConstructor(tok);
             } else if (printPerformance && tok->next() && tok->next()->variable() && tok->next()->variable()->isStlStringType() && tok->valueType() && tok->valueType()->type == ValueType::CONTAINER &&
-                       ((Token::Match(tok->previous(), "%var% + %var% . c_str|data ( )") && tok->previous()->variable()->isStlStringType()) ||
-                        (Token::Match(tok->tokAt(-5), "%var% . c_str|data ( ) + %var%") && tok->tokAt(-5)->variable()->isStlStringType()))) {
+                       ((Token::Match(tok->previous(), "%var% + %var% . c_str|data ( )") && tok->previous()->variable() && tok->previous()->variable()->isStlStringType()) ||
+                        (Token::Match(tok->tokAt(-5), "%var% . c_str|data ( ) + %var%") && tok->tokAt(-5)->variable() && tok->tokAt(-5)->variable()->isStlStringType()))) {
                 string_c_strConcat(tok);
             }
 
diff --git a/test/teststl.cpp b/test/teststl.cpp
index 0169118cd..31fd0d54e 100644
--- a/test/teststl.cpp
+++ b/test/teststl.cpp
@@ -4043,6 +4043,13 @@ private:
               "    return a.c_str() + b;\n"
               "}\n");
         ASSERT_EQUALS("[test.cpp:2]: (performance) Concatenating the result of c_str() and a std::string is slow and redundant.\n", errout.str());
+
+        check("std::vector<double> v;\n" // don't crash
+              "int i;\n"
+              "void f() {\n"
+              "    const double* const QM_R__ buf(v.data() + i);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void uselessCalls() {