Improve leak detections in if-statements. This is done by checking
for leaks every time a scope is left. This allows cppcheck to catch
more memory leaks, as well as improve some error messages which now
contain the line where the variable goes out of scope, instead of the
end of the function.
Mark realloced variables as realloced instead of freed. This allows
improved checking for code with error realloc handling.
If cppcheck finds an if-statement which checks the validity of the
allocated memory or resource, check if the memory/resource is
reallocated from another variable. If so, we can add checking of that
variable in the if-statement instead. This allows checking that variable
for memleaks and double frees.
This fixes #9292 and #9990 which both concern FPs with double frees
after correct error handling.
```cpp
int *f() {
    int *p = static_cast<int *>(realloc(nullptr, 10));
    if (!!(!p)) {
        return nullptr;
    }
    return p;
}
```
would give
```
memleak2.cpp:4:5: error: Memory leak: p [memleak]
    return nullptr;
    ^
```
Because of the additional `!!`.
Also fix a broken test case related to checking the return value -1
where socket was not defined in the library used in the tests.
This was tested running test-my-pr with 500 packages. The difference was
six fewer FPs.
When the first argument was (void *)(1), at the start of the second
iteration, arg was pointing to the "1", which caused problems for
nextArgument(), which saw the ")" as the next token and returned
nullptr, signalling that there are no more arguments.
Instead, save the first token in the argument, which makes
nextArgument() do the right thing.
Fix false positive introduced by
0b7649ca9b
Only return the function token from checkTokenInsideExpression when it
might be one of the arguments (hence keeping a pointer to one of them).
Otherwise, we can directly skip to the token after the function call.
* Fix 9298
Tell cppcheck that strcpy returns its first argument, and use that
knowledge in checkTokenInsideExpression.
* Add missing unit tests in cmake
* Fix memleak FP with return with parenthesis
Fix FPs pointed out by daca@home of the following form:
```cpp
void* f(void) {
    void* x = malloc(1);
    return(x);
}
```
Fix it by only skipping tokens if there is an actual match with a
variable. This allows removing the special casing of "return;".
* Add testcase with cast
This fixes crashes found by daca where valueType() is NULL. Also,
somewhat related, it removes warnings when casting to a type that is
unknown to cppcheck, for example, there is no longer a warning for the
following code:
```cpp
void* f() {
    void *x = malloc(1);
    return (mytype)x;
}
```
This was most likely introduced when the checks were changed to run on
the full tokenlist instead of the simplified one.
Take care to warn about cases where casts destroy the pointer, such as
```cpp
uint8_t f() {
    void* x = malloc(1);
    return (uint8_t)x;
}
```