Skip to content

Commit

Permalink
Fix #12848 FP: null pointer dereference in while loop (danmar#7048)
Browse files Browse the repository at this point in the history
  • Loading branch information
chrchr-github authored Dec 5, 2024
1 parent 94218bd commit 36513ef
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/valueflow.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -4461,7 +4461,7 @@ struct ConditionHandler {
if (!Token::Match(tok, "%assign%|++|--") &&
findExpression(cond.vartok->exprId(), start, end, [&](const Token* tok2) {
return Token::Match(tok2->astParent(), "%assign%") && astIsLHS(tok2);
})) {
}) && !findEscapeStatement(block->scope(), &settings.library)) {
// Start at the end of the loop body
Token* bodyTok = top->link()->next();
reverse(bodyTok->link(), bodyTok, cond.vartok, values, tokenlist, errorLogger, settings);
Expand Down
17 changes: 17 additions & 0 deletions test/testvalueflow.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1820,6 +1820,23 @@ class TestValueFlow : public TestFixture {
" }\n"
"}";
ASSERT_EQUALS(false, testValueOfX(code, 2U, 0));

code = "struct S {\n" // #12848
" S* next;\n"
" int a;\n"
"};\n"
"void f(S* x, int i) {\n"
" while (x) {\n"
" if (x->a == 0) {\n"
" x = x->next;\n"
" continue;\n"
" }\n"
" if (i == 0)\n"
" break;\n"
" x->a = i--;\n"
" }\n"
"}\n";
ASSERT_EQUALS(false, testValueOfX(code, 13U, 0));
}

void valueFlowBeforeConditionTernaryOp() { // bailout: ?:
Expand Down

0 comments on commit 36513ef

Please sign in to comment.