Fixed #440 (NULL referencing not detected)
This commit is contained in:
parent
e1ed22aa2b
commit
fa535ff3ae
|
@ -1252,6 +1252,29 @@ private:
|
||||||
return vartok->next();
|
return vartok->next();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Template pointer variable..
|
||||||
|
if (Token::Match(tok.previous(), "[;{}] %type% ::|<"))
|
||||||
|
{
|
||||||
|
const Token * vartok = &tok;
|
||||||
|
while (Token::Match(vartok, "%type% ::"))
|
||||||
|
vartok = vartok->tokAt(2);
|
||||||
|
if (Token::Match(vartok, "%type% < %type%"))
|
||||||
|
{
|
||||||
|
vartok = vartok->tokAt(3);
|
||||||
|
while (vartok && (vartok->str() == "*" || vartok->isName()))
|
||||||
|
vartok = vartok->next();
|
||||||
|
if (Token::Match(vartok, "> * %var% ;|="))
|
||||||
|
{
|
||||||
|
vartok = vartok->tokAt(2);
|
||||||
|
checks.push_back(new CheckNullpointer(owner, vartok->varId(), vartok->str()));
|
||||||
|
if (Token::simpleMatch(vartok->next(), "= 0 ;"))
|
||||||
|
setnull(checks, vartok->varId());
|
||||||
|
return vartok->next();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (Token::Match(&tok, "%var% ("))
|
if (Token::Match(&tok, "%var% ("))
|
||||||
{
|
{
|
||||||
// parse usage..
|
// parse usage..
|
||||||
|
@ -1554,6 +1577,25 @@ private:
|
||||||
declare(checks, vartok, tok, false, true);
|
declare(checks, vartok, tok, false, true);
|
||||||
return vartok->next()->link()->next();
|
return vartok->next()->link()->next();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Template pointer variable..
|
||||||
|
if (Token::Match(tok.previous(), "[;{}] %type% ::|<"))
|
||||||
|
{
|
||||||
|
const Token * vartok = &tok;
|
||||||
|
while (Token::Match(vartok, "%type% ::"))
|
||||||
|
vartok = vartok->tokAt(2);
|
||||||
|
if (Token::Match(vartok, "%type% < %type%"))
|
||||||
|
{
|
||||||
|
vartok = vartok->tokAt(3);
|
||||||
|
while (vartok && (vartok->str() == "*" || vartok->isName()))
|
||||||
|
vartok = vartok->next();
|
||||||
|
if (Token::Match(vartok, "> * %var% ;"))
|
||||||
|
{
|
||||||
|
declare(checks, vartok->tokAt(2), tok, true, false);
|
||||||
|
return vartok->tokAt(2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tok.varId())
|
if (tok.varId())
|
||||||
|
@ -1646,6 +1688,7 @@ private:
|
||||||
|
|
||||||
// is the variable passed as a parameter to some function?
|
// is the variable passed as a parameter to some function?
|
||||||
unsigned int parlevel = 0;
|
unsigned int parlevel = 0;
|
||||||
|
std::set<unsigned int> bailouts;
|
||||||
for (const Token *tok2 = tok.next(); tok2; tok2 = tok2->next())
|
for (const Token *tok2 = tok.next(); tok2; tok2 = tok2->next())
|
||||||
{
|
{
|
||||||
if (tok2->str() == "(")
|
if (tok2->str() == "(")
|
||||||
|
@ -1667,13 +1710,16 @@ private:
|
||||||
|
|
||||||
else if (tok2->varId())
|
else if (tok2->varId())
|
||||||
{
|
{
|
||||||
if (Token::Match(tok2->tokAt(-2), "[(,] *"))
|
if (Token::Match(tok2->tokAt(-2), "[(,] *") || Token::Match(tok2->next(), ". %var%"))
|
||||||
use_dead_pointer(foundError, checks, tok2);
|
use_dead_pointer(foundError, checks, tok2);
|
||||||
|
|
||||||
// it is possible that the variable is initialized here
|
// it is possible that the variable is initialized here
|
||||||
ExecutionPath::bailOutVar(checks, tok2->varId());
|
bailouts.insert(tok2->varId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (std::set<unsigned int>::const_iterator it = bailouts.begin(); it != bailouts.end(); ++it)
|
||||||
|
ExecutionPath::bailOutVar(checks, *it);
|
||||||
}
|
}
|
||||||
|
|
||||||
// function call via function pointer
|
// function call via function pointer
|
||||||
|
|
|
@ -65,6 +65,29 @@ static const Token *checkExecutionPaths_(const Token *tok, std::list<ExecutionPa
|
||||||
if (tok->str() == "}")
|
if (tok->str() == "}")
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
if (Token::simpleMatch(tok, "while ("))
|
||||||
|
{
|
||||||
|
// parse condition
|
||||||
|
if (checks.size() > 10 || check->parseCondition(*tok->tokAt(2), checks))
|
||||||
|
{
|
||||||
|
ExecutionPath::bailOut(checks);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// skip "while (fgets()!=NULL)"
|
||||||
|
if (Token::simpleMatch(tok, "while ( fgets ("))
|
||||||
|
{
|
||||||
|
const Token *tok2 = tok->tokAt(3)->link();
|
||||||
|
if (Token::simpleMatch(tok2, ") ) {"))
|
||||||
|
{
|
||||||
|
tok = tok2->tokAt(2)->link();
|
||||||
|
if (!tok)
|
||||||
|
break;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// todo: handle for/while
|
// todo: handle for/while
|
||||||
if (Token::Match(tok, "for|while|switch|do"))
|
if (Token::Match(tok, "for|while|switch|do"))
|
||||||
{
|
{
|
||||||
|
|
|
@ -929,6 +929,13 @@ private:
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Null pointer dereference\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Null pointer dereference\n", errout.str());
|
||||||
|
|
||||||
|
checkNullPointer("static void foo(int x)\n"
|
||||||
|
"{\n"
|
||||||
|
" Foo<int> *abc = 0;\n"
|
||||||
|
" abc->a();\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Possible null pointer dereference: abc\n", errout.str());
|
||||||
|
|
||||||
// no false positive..
|
// no false positive..
|
||||||
checkNullPointer("static void foo()\n"
|
checkNullPointer("static void foo()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
|
@ -992,6 +999,13 @@ private:
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: p\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: p\n", errout.str());
|
||||||
|
|
||||||
|
checkUninitVar("static void foo()\n"
|
||||||
|
"{\n"
|
||||||
|
" Foo<int> *p;\n"
|
||||||
|
" p->abcd();\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: p\n", errout.str());
|
||||||
|
|
||||||
checkUninitVar("static void foo()\n"
|
checkUninitVar("static void foo()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" int *p;\n"
|
" int *p;\n"
|
||||||
|
@ -1308,6 +1322,15 @@ private:
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
// while..
|
||||||
|
checkUninitVar("int f()\n"
|
||||||
|
"{\n"
|
||||||
|
" int i;\n"
|
||||||
|
" while (fgets())\n"
|
||||||
|
" i = 1;\n"
|
||||||
|
" return i;"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:6]: (error) Uninitialized variable: i\n", errout.str());
|
||||||
|
|
||||||
// member variables..
|
// member variables..
|
||||||
checkUninitVar("class Fred\n"
|
checkUninitVar("class Fred\n"
|
||||||
|
@ -1365,6 +1388,13 @@ private:
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
checkUninitVar("void foo()\n"
|
||||||
|
"{\n"
|
||||||
|
" Foo *p;\n"
|
||||||
|
" x = bar(p->begin());\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: p\n", errout.str());
|
||||||
|
|
||||||
// arrays..
|
// arrays..
|
||||||
checkUninitVar("void f()\n"
|
checkUninitVar("void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
|
|
Loading…
Reference in New Issue