daca reports new false positives after db4f94fdfe of the form:
```c
void f() {
    char *ptr = malloc(10);
    char *empty_str = "";
    if (ptr == NULL)
        ptr = empty_str;
    if (ptr != empty_str)
        free(ptr);
}
```
Add a check that the value is not impossible to avoid this.
Spotted by Coverity (as the condition in the `if` part `isArrayVar(tok)`
dereferences tok).
Tok can't be null here, because the condition in the `else if` on line
268 checks that there is a `%var%` following, and
`tok = Token::findmatch(tok->next(), "%var%");` simply gets this `%var%`
token.
* Follow reference when tracking local variables
* Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning
* Use lifetimes to check for returning reference to temporaries
* Check for dangling temporaries
* Check for unknown types for returning by reference
* Remove old returnTemporary check
* Format
* Check for deref op
* Ternary operator returns an lvalue reference
* Warn when returning temporaries from member functions
* Improve handling of pointer to function
* Extend lifetimes of const references
This will now warn when doing something like this:
```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}

const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```
The lifetime warning is considered inconclusive in this case.
I also updated valueflow to not inject inconclusive values unless the `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
This will diagnose more issues such as:
```cpp
void f(std::vector<int> &v) {
    auto v0 = v.begin();
    v.push_back(123);
    std::cout << *v0 << std::endl;
}
```
This switches to use lifetime analysis to check for assigning to non-local variables:
```cpp
class test
{
public:
    void f()
    {
        int x;
        this->ptr = &x;
    }

protected:
    int *ptr;
};
```
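
Added example, not part of the commits quoted above or of cppcheck itself: hardened forms of the three flagged snippets (`bar`, the `v0` iterator, and `test::f`), showing what removes each lifetime problem. The names `bar_by_value`, `next_push_reallocates`, `first_after_push` and `test_owned` are hypothetical and chosen for this illustration.

```cpp
#include <cstddef>
#include <unordered_map>
#include <vector>

// Same helper as in the commit message: the returned reference points either
// into the map or at the caller-supplied default `v`.
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}

// Hardened bar() (hypothetical name): returning int by value copies the result
// while the local default is still alive, so nothing dangles on a missing key.
int bar_by_value(const std::unordered_map<int, int>& m, int k) {
    const int fallback = 0;
    return get_default(m, k, fallback);
}

// True when the next push_back has to reallocate, which invalidates every
// iterator, pointer and reference into v (the `v0` case above).
bool next_push_reallocates(const std::vector<int>& v) {
    return v.size() == v.capacity();
}

// Hardened f() (hypothetical name): remember the position as an index, which
// stays meaningful across reallocation, and read the element after the push.
int first_after_push(std::vector<int>& v, int value) {
    const std::size_t first = 0;
    v.push_back(value);
    return v[first];
}

// Hardened test::f() (hypothetical class): the object owns a copy of the value
// instead of keeping the address of a local that dies when f() returns.
class test_owned {
public:
    void f() {
        int x = 42;  // constructed sample value
        value = x;
    }
    int get() const { return value; }

private:
    int value = 0;
};
```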