Commit 8c2390e

Fix #13409 Crash in valueFlowUnknownFunctionReturn() (danmar#7095)
1 parent 9820403 commit 8c2390e

2 files changed

+15
-0
lines changed

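--- a/lib/library.cpp
+++ b/lib/library.cpp
@@ -1205,6 +1205,8 @@ const Library::AllocFunc* Library::getAllocFuncInfo(const Token *tok) const
 {
 while (Token::simpleMatch(tok, "::"))
 tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+if (!tok)
+return nullptr;
 const std::string funcname = getFunctionName(tok);
 return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mAlloc, funcname);
 }
@@ -1214,6 +1216,8 @@ const Library::AllocFunc* Library::getDeallocFuncInfo(const Token *tok) const
 {
 while (Token::simpleMatch(tok, "::"))
 tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+if (!tok)
+return nullptr;
 const std::string funcname = getFunctionName(tok);
 return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mDealloc, funcname);
 }
@@ -1223,6 +1227,8 @@ const Library::AllocFunc* Library::getReallocFuncInfo(const Token *tok) const
 {
 while (Token::simpleMatch(tok, "::"))
 tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+if (!tok)
+return nullptr;
 const std::string funcname = getFunctionName(tok);
 return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mRealloc, funcname);
 }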
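Review bot: The new `if (!tok) return nullptr;` guard in getAllocFuncInfo has no comment saying how `tok` becomes null, and the same two lines are repeated in getDeallocFuncInfo and getReallocFuncInfo. From the loop above it, `tok` ends up null when a `::` token has neither astOperand2() nor astOperand1(), or when the caller already passes null; a one-line comment such as `// a "::" with no AST operands leaves tok null (#13409)` would record that. Because the descent and the guard are identical in all three functions, a small file-local helper doing both would keep a later user of this pattern from omitting the check. Whether other functions in library.cpp use the same descent is not visible in these hunks.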

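--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -137,6 +137,7 @@ class TestValueFlow : public TestFixture {
 TEST_CASE(valueFlowDynamicBufferSize);
 
 TEST_CASE(valueFlowSafeFunctionParameterValues);
+TEST_CASE(valueFlowUnknownFunctionReturn);
 TEST_CASE(valueFlowUnknownFunctionReturnRand);
 TEST_CASE(valueFlowUnknownFunctionReturnMalloc);
 
@@ -7240,6 +7241,14 @@ class TestValueFlow : public TestFixture {
 ASSERT_EQUALS(100, values.back().intvalue);
 }
 
+void valueFlowUnknownFunctionReturn() {
+const char code[] = "template <typename T>\n" // #13409
+"struct S {\n"
+"    std::max_align_t T::* m;\n"
+"    S(std::max_align_t T::* p) : m(p) {}\n"
+"};\n";
+(void)valueOfTok(code, ":"); // don't crash
+}
 
 void valueFlowUnknownFunctionReturnRand() {
 const char *code;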
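Review bot: valueFlowUnknownFunctionReturn only shows that one call path no longer crashes, and the hunk does not show which of the three guarded lookups in lib/library.cpp it reaches, so the other two guards may be untested. The result of `valueOfTok(code, ":")` is discarded; if a stable value is expected for this input, asserting it would also catch a regression that trades the crash for a wrong value. A comment on the declaration line, e.g. `// pointer-to-member declarator "T::*"`, would say which construct the test is about, though that this is the trigger is inferred from the snippet. The enclosing TestValueFlow class starts and ends outside the hunk.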
