You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: test/testnullpointer.cpp
+22Lines changed: 22 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -145,6 +145,7 @@ class TestNullPointer : public TestFixture {
145
145
TEST_CASE(nullpointer105); // #13861
146
146
TEST_CASE(nullpointer106); // #13682
147
147
TEST_CASE(nullpointer107); // #13682 (no false positive past unrelated conditions)
148
+
TEST_CASE(nullpointer108); // #13682 (FN: definite null deref missed due to ProgramMemory)
148
149
TEST_CASE(nullpointer_addressOf); // address of
149
150
TEST_CASE(nullpointerSwitch); // #2626
150
151
TEST_CASE(nullpointer_cast); // #4692
@@ -3041,6 +3042,27 @@ class TestNullPointer : public TestFixture {
3041
3042
ASSERT_EQUALS("", errout_str());
3042
3043
}
3043
3044
3045
+
voidnullpointer108() // #13682 - FN: dereference of a definitely-null pointer is missed
3046
+
{
3047
+
// 'if (ok) return;' means the surviving path has ok==false, i.e. p==nullptr, so 'p->g()'
3048
+
// dereferences a null pointer. ProgramMemory cannot evaluate the cached 'ok' (== (p != nullptr))
3049
+
// during forward analysis, so the conditionReferencesValue() guard stops the analysis here and the
3050
+
// definite null dereference is missed. This should warn once ProgramMemory can follow 'ok'.
3051
+
check("struct S { void g(); bool f() const; };\n"
3052
+
"void f(S* p) {\n"
3053
+
" bool ok = (p != nullptr);\n"
3054
+
" if (p && p->f())\n"
3055
+
" return;\n"
3056
+
" if (ok)\n"
3057
+
" return;\n"
3058
+
" p->g();\n"
3059
+
"}\n");
3060
+
TODO_ASSERT_EQUALS(
3061
+
"[test.cpp:4:9] -> [test.cpp:8:5]: (warning) Either the condition 'p' is redundant or there is possible null pointer dereference: p. [nullPointerRedundantCheck]\n",
0 commit comments