devinfo/doxyoutput/checknullpointer_8cpp_source.html

 /*

  * Cppcheck - A tool for static C/C++ code analysis

  * Copyright (C) 2007-2023 Cppcheck team.

  *

  * This program is free software: you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation, either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  */


 //---------------------------------------------------------------------------

 #include "checknullpointer.h"


 #include "astutils.h"

 #include "ctu.h"

 #include "errorlogger.h"

 #include "errortypes.h"

 #include "library.h"

 #include "mathlib.h"

 #include "settings.h"

 #include "symboldatabase.h"

 #include "token.h"

 #include "tokenize.h"

 #include "valueflow.h"


 #include <algorithm>

 #include <cctype>

 #include <map>

 #include <set>

 #include <vector>


 //---------------------------------------------------------------------------


 // CWE ids used:

 static const CWE CWE_NULL_POINTER_DEREFERENCE(476U);

 static const CWE CWE_INCORRECT_CALCULATION(682U);


 // Register this check class (by creating a static instance of it)

 namespace {

     CheckNullPointer instance;

 }


 //---------------------------------------------------------------------------


 static bool checkNullpointerFunctionCallPlausibility(const Function* func, unsigned int arg)

 {

     return !func || (func->argCount() >= arg && func->getArgumentVar(arg - 1) && func->getArgumentVar(arg - 1)->isPointer());

 }


 /**

  * @brief parse a function call and extract information about variable usage

  * @param tok first token

  * @param var variables that the function read / write.

  * @param library --library files data

  */

 void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token *> &var, const Library &library)

 {

     if (Token::Match(&tok, "%name% ( )") || !tok.tokAt(2))

         return;


     const std::vector<const Token *> args = getArguments(&tok);


     for (int argnr = 1; argnr <= args.size(); ++argnr) {

         const Token *param = args[argnr - 1];

         if (library.isnullargbad(&tok, argnr) && checkNullpointerFunctionCallPlausibility(tok.function(), argnr))

             var.push_back(param);

         else if (tok.function()) {

             const Variable* argVar = tok.function()->getArgumentVar(argnr-1);

             if (argVar && argVar->isStlStringType() && !argVar->isArrayOrPointer())

                 var.push_back(param);

         }

     }


     if (library.formatstr_function(&tok)) {

         const int formatStringArgNr = library.formatstr_argno(&tok);

         if (formatStringArgNr < 0 || formatStringArgNr >= args.size())

             return;


         // 1st parameter..

         if (Token::Match(&tok, "snprintf|vsnprintf|fnprintf|vfnprintf") && args.size() > 1 && !(args[1] && args[1]->hasKnownIntValue() && args[1]->getKnownIntValue() == 0)) // Only if length (second parameter) is not zero

             var.push_back(args[0]);


         if (args[formatStringArgNr]->tokType() != Token::eString)

             return;

         const std::string &formatString = args[formatStringArgNr]->strValue();

         int argnr = formatStringArgNr + 1;

         const bool scan = library.formatstr_scan(&tok);


         bool percent = false;

         for (std::string::const_iterator i = formatString.cbegin(); i != formatString.cend(); ++i) {

             if (*i == '%') {

                 percent = !percent;

             } else if (percent) {

                 percent = false;


                 bool _continue = false;

                 while (!std::isalpha((unsigned char)*i)) {

                     if (*i == '*') {

                         if (scan)

                             _continue = true;

                         else

                             argnr++;

                     }

                     ++i;

                     if (i == formatString.end())

                         return;

                 }

                 if (_continue)

                     continue;


                 if (argnr < args.size() && (*i == 'n' || *i == 's' || scan))

                     var.push_back(args[argnr]);


                 if (*i != 'm') // %m is a non-standard glibc extension that requires no parameter

                     argnr++;

             }

         }

     }

 }


 namespace {

     const std::set<std::string> stl_stream = {

         "fstream", "ifstream", "iostream", "istream",

         "istringstream", "ofstream", "ostream", "ostringstream",

         "stringstream", "wistringstream", "wostringstream", "wstringstream"

     };

 }


 /**

  * Is there a pointer dereference? Everything that should result in

  * a nullpointer dereference error message will result in a true

  * return value. If it's unknown if the pointer is dereferenced false

  * is returned.

  * @param tok token for the pointer

  * @param unknown it is not known if there is a pointer dereference (could be reported as a debug message)

  * @return true => there is a dereference

  */

 bool CheckNullPointer::isPointerDeRef(const Token *tok, bool &unknown) const

 {

     return isPointerDeRef(tok, unknown, *mSettings);

 }


 bool CheckNullPointer::isPointerDeRef(const Token *tok, bool &unknown, const Settings &settings)

 {

     unknown = false;


     // Is pointer used as function parameter?

     if (Token::Match(tok->previous(), "[(,] %name% [,)]")) {

         const Token *ftok = tok->previous();

         while (ftok && ftok->str() != "(") {

             if (ftok->str() == ")")

                 ftok = ftok->link();

             ftok = ftok->previous();

         }

         if (ftok && ftok->previous()) {

             std::list<const Token *> varlist;

             parseFunctionCall(*ftok->previous(), varlist, settings.library);

             if (std::find(varlist.cbegin(), varlist.cend(), tok) != varlist.cend()) {

                 return true;

             }

         }

     }


     if (tok->str() == "(" && !tok->scope()->isExecutable())

         return false;


     const Token* parent = tok->astParent();

     if (!parent)

         return false;

     const bool addressOf = parent->astParent() && parent->astParent()->str() == "&";

     if (parent->str() == "." && astIsRHS(tok))

         return isPointerDeRef(parent, unknown, settings);

     const bool firstOperand = parent->astOperand1() == tok;

     parent = astParentSkipParens(tok);

     if (!parent)

         return false;


     // Dereferencing pointer..

     const Token* grandParent = parent->astParent();

     if (parent->isUnaryOp("*") && !(grandParent && isUnevaluated(grandParent->previous()))) {

         // declaration of function pointer

         if (tok->variable() && tok->variable()->nameToken() == tok)

             return false;

         if (!addressOf)

             return true;

     }


     // array access

     if (firstOperand && parent->str() == "[" && !addressOf)

         return true;


     // address of member variable / array element

     const Token *parent2 = parent;

     while (Token::Match(parent2, "[|."))

         parent2 = parent2->astParent();

     if (parent2 != parent && parent2 && parent2->isUnaryOp("&"))

         return false;


     // read/write member variable

     if (firstOperand && parent->originalName() == "->" && !addressOf)

         return true;


     // If its a function pointer then check if its called

     if (tok->variable() && tok->variable()->isPointer() && Token::Match(tok->variable()->nameToken(), "%name% ) (") &&

         Token::Match(tok, "%name% ("))

         return true;


     if (Token::Match(tok, "%var% = %var% .") &&

         tok->varId() == tok->tokAt(2)->varId())

         return true;


     // std::string dereferences nullpointers

     if (Token::Match(parent->tokAt(-3), "std :: string|wstring (|{ %name% )|}"))

         return true;

     if (Token::Match(parent->previous(), "%name% (|{ %name% )|}")) {

         const Variable* var = tok->tokAt(-2)->variable();

         if (var && !var->isPointer() && !var->isArray() && var->isStlStringType())

             return true;

     }


     // streams dereference nullpointers

     if (Token::Match(parent, "<<|>>") && !firstOperand) {

         const Variable* var = tok->variable();

         if (var && var->isPointer() && Token::Match(var->typeStartToken(), "char|wchar_t")) { // Only outputting or reading to char* can cause problems

             const Token* tok2 = parent; // Find start of statement

             for (; tok2; tok2 = tok2->previous()) {

                 if (Token::Match(tok2->previous(), ";|{|}|:"))

                     break;

             }

             if (Token::Match(tok2, "std :: cout|cin|cerr"))

                 return true;

             if (tok2 && tok2->varId() != 0) {

                 const Variable* var2 = tok2->variable();

                 if (var2 && var2->isStlType(stl_stream))

                     return true;

             }

         }

     }


     const Variable *ovar = nullptr;

     if (Token::Match(parent, "+|==|!=") || (parent->str() == "=" && !firstOperand)) {

         if (parent->astOperand1() == tok && parent->astOperand2())

             ovar = parent->astOperand2()->variable();

         else if (parent->astOperand1() && parent->astOperand2() == tok)

             ovar = parent->astOperand1()->variable();

     }

     if (ovar && !ovar->isPointer() && !ovar->isArray() && ovar->isStlStringType())

         return true;


     // assume that it's not a dereference (no false positives)

     return false;

 }


 static bool isNullablePointer(const Token* tok)

 {

     if (!tok)

         return false;

     if (Token::simpleMatch(tok, "new") && tok->varId() == 0)

         return false;

     if (astIsPointer(tok))

         return true;

     if (astIsSmartPointer(tok))

         return true;

     if (Token::simpleMatch(tok, "."))

         return isNullablePointer(tok->astOperand2());

     if (const Variable* var = tok->variable()) {

         return (var->isPointer() || var->isSmartPointer());

     }

     return false;

 }


 void CheckNullPointer::nullPointerByDeRefAndChec()

 {

     const bool printInconclusive = (mSettings->certainty.isEnabled(Certainty::inconclusive));


     for (const Token *tok = mTokenizer->tokens(); tok; tok = tok->next()) {

         if (isUnevaluated(tok)) {

             tok = tok->next()->link();

             continue;

         }


         if (Token::Match(tok, "%num%|%char%|%str%"))

             continue;


         if (!isNullablePointer(tok) ||

             (tok->str() == "." && isNullablePointer(tok->astOperand2()) && tok->astOperand2()->getValue(0))) // avoid duplicate warning

             continue;


         // Can pointer be NULL?

         const ValueFlow::Value *value = tok->getValue(0);

         if (!value)

             continue;


         if (!printInconclusive && value->isInconclusive())

             continue;


         // Pointer dereference.

         bool unknown = false;

         if (!isPointerDeRef(tok,unknown)) {

             if (unknown)

                 nullPointerError(tok, tok->expressionString(), value, true);

             continue;

         }


         nullPointerError(tok, tok->expressionString(), value, value->isInconclusive());

     }

 }


 void CheckNullPointer::nullPointer()

 {

     logChecker("CheckNullPointer::nullPointer");

     nullPointerByDeRefAndChec();

 }


 namespace {

     const std::set<std::string> stl_istream = {

         "fstream", "ifstream", "iostream", "istream",

         "istringstream", "stringstream", "wistringstream", "wstringstream"

     };

 }


 /** Dereferencing null constant (simplified token list) */

 void CheckNullPointer::nullConstantDereference()

 {

     logChecker("CheckNullPointer::nullConstantDereference");


     const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();


     for (const Scope * scope : symbolDatabase->functionScopes) {

         if (scope->function == nullptr || !scope->function->hasBody()) // We only look for functions with a body

             continue;


         const Token *tok = scope->bodyStart;


         if (scope->function->isConstructor())

             tok = scope->function->token; // Check initialization list


         for (; tok != scope->bodyEnd; tok = tok->next()) {

             if (isUnevaluated(tok))

                 tok = tok->next()->link();


             else if (Token::simpleMatch(tok, "* 0")) {

                 if (Token::Match(tok->previous(), "return|throw|;|{|}|:|[|(|,") || tok->previous()->isOp()) {

                     nullPointerError(tok);

                 }

             }


             else if (Token::Match(tok, "0 [") && (tok->previous()->str() != "&" || !Token::Match(tok->next()->link()->next(), "[.(]")))

                 nullPointerError(tok);


             else if (Token::Match(tok->previous(), "!!. %name% (|{") && (tok->previous()->str() != "::" || tok->strAt(-2) == "std")) {

                 if (Token::Match(tok->tokAt(2), "0|NULL|nullptr )|}") && tok->varId()) { // constructor call

                     const Variable *var = tok->variable();

                     if (var && !var->isPointer() && !var->isArray() && var->isStlStringType())

                         nullPointerError(tok);

                 } else { // function call

                     std::list<const Token *> var;

                     parseFunctionCall(*tok, var, mSettings->library);


                     // is one of the var items a NULL pointer?

                     for (const Token *vartok : var) {

                         if (vartok->hasKnownIntValue() && vartok->getKnownIntValue() == 0)

                             nullPointerError(vartok);

                     }

                 }

             } else if (Token::Match(tok, "std :: string|wstring ( 0|NULL|nullptr )"))

                 nullPointerError(tok);


             else if (Token::Match(tok->previous(), "::|. %name% (")) {

                 const std::vector<const Token *> &args = getArguments(tok);

                 for (int argnr = 0; argnr < args.size(); ++argnr) {

                     const Token *argtok = args[argnr];

                     if (!argtok->hasKnownIntValue())

                         continue;

                     if (argtok->values().front().intvalue != 0)

                         continue;

                     if (mSettings->library.isnullargbad(tok, argnr+1))

                         nullPointerError(argtok);

                 }

             }


             else if (Token::Match(tok->previous(), ">> 0|NULL|nullptr")) { // Only checking input stream operations is safe here, because otherwise 0 can be an integer as well

                 const Token* tok2 = tok->previous(); // Find start of statement

                 for (; tok2; tok2 = tok2->previous()) {

                     if (Token::Match(tok2->previous(), ";|{|}|:|("))

                         break;

                 }

                 if (tok2 && tok2->previous() && tok2->previous()->str()=="(")

                     continue;

                 if (Token::simpleMatch(tok2, "std :: cin"))

                     nullPointerError(tok);

                 if (tok2 && tok2->varId() != 0) {

                     const Variable *var = tok2->variable();

                     if (var && var->isStlType(stl_istream))

                         nullPointerError(tok);

                 }

             }


             const Variable *ovar = nullptr;

             const Token *tokNull = nullptr;

             if (Token::Match(tok, "0|NULL|nullptr ==|!=|>|>=|<|<= %var%")) {

                 if (!Token::Match(tok->tokAt(3),".|[")) {

                     ovar = tok->tokAt(2)->variable();

                     tokNull = tok;

                 }

             } else if (Token::Match(tok, "%var% ==|!=|>|>=|<|<= 0|NULL|nullptr") ||

                        Token::Match(tok, "%var% =|+ 0|NULL|nullptr )|]|,|;|+")) {

                 ovar = tok->variable();

                 tokNull = tok->tokAt(2);

             }

             if (ovar && !ovar->isPointer() && !ovar->isArray() && ovar->isStlStringType() && tokNull && tokNull->originalName() != "'\\0'")

                 nullPointerError(tokNull);

         }

     }

 }


 void CheckNullPointer::nullPointerError(const Token *tok, const std::string &varname, const ValueFlow::Value *value, bool inconclusive)

 {

     const std::string errmsgcond("$symbol:" + varname + '\n' + ValueFlow::eitherTheConditionIsRedundant(value ? value->condition : nullptr) + " or there is possible null pointer dereference: $symbol.");

     const std::string errmsgdefarg("$symbol:" + varname + "\nPossible null pointer dereference if the default parameter value is used: $symbol");


     if (!tok) {

         reportError(tok, Severity::error, "nullPointer", "Null pointer dereference", CWE_NULL_POINTER_DEREFERENCE, Certainty::normal);

         reportError(tok, Severity::warning, "nullPointerDefaultArg", errmsgdefarg, CWE_NULL_POINTER_DEREFERENCE, Certainty::normal);

         reportError(tok, Severity::warning, "nullPointerRedundantCheck", errmsgcond, CWE_NULL_POINTER_DEREFERENCE, Certainty::normal);

         return;

     }


     if (!value) {

         reportError(tok, Severity::error, "nullPointer", "Null pointer dereference", CWE_NULL_POINTER_DEREFERENCE, inconclusive ? Certainty::inconclusive : Certainty::normal);

         return;

     }


     if (!mSettings->isEnabled(value, inconclusive))

         return;


     const ErrorPath errorPath = getErrorPath(tok, value, "Null pointer dereference");


     if (value->condition) {

         reportError(errorPath, Severity::warning, "nullPointerRedundantCheck", errmsgcond, CWE_NULL_POINTER_DEREFERENCE, inconclusive || value->isInconclusive() ? Certainty::inconclusive : Certainty::normal);

     } else if (value->defaultArg) {

         reportError(errorPath, Severity::warning, "nullPointerDefaultArg", errmsgdefarg, CWE_NULL_POINTER_DEREFERENCE, inconclusive || value->isInconclusive() ? Certainty::inconclusive : Certainty::normal);

     } else {

         std::string errmsg = std::string(value->isKnown() ? "Null" : "Possible null") + " pointer dereference";

         if (!varname.empty())

             errmsg = "$symbol:" + varname + '\n' + errmsg + ": $symbol";


         reportError(errorPath,

                     value->isKnown() ? Severity::error : Severity::warning,

                     "nullPointer",

                     errmsg,

                     CWE_NULL_POINTER_DEREFERENCE, inconclusive || value->isInconclusive() ? Certainty::inconclusive : Certainty::normal);

     }

 }


 void CheckNullPointer::arithmetic()

 {

     logChecker("CheckNullPointer::arithmetic");

     const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();

     for (const Scope * scope : symbolDatabase->functionScopes) {

         for (const Token* tok = scope->bodyStart->next(); tok != scope->bodyEnd; tok = tok->next()) {

             if (!Token::Match(tok, "-|+|+=|-=|++|--"))

                 continue;

             const Token *pointerOperand;

             const Token *numericOperand;

             if (tok->astOperand1() && tok->astOperand1()->valueType() && tok->astOperand1()->valueType()->pointer != 0) {

                 pointerOperand = tok->astOperand1();

                 numericOperand = tok->astOperand2();

             } else if (tok->astOperand2() && tok->astOperand2()->valueType() && tok->astOperand2()->valueType()->pointer != 0) {

                 pointerOperand = tok->astOperand2();

                 numericOperand = tok->astOperand1();

             } else

                 continue;

             if (numericOperand && numericOperand->valueType() && !numericOperand->valueType()->isIntegral())

                 continue;

             const ValueFlow::Value* numValue = numericOperand ? numericOperand->getValue(0) : nullptr;

             if (numValue && numValue->intvalue == 0) // don't warn for arithmetic with 0

                 continue;

             const ValueFlow::Value* value = pointerOperand->getValue(0);

             if (!value)

                 continue;

             if (!mSettings->certainty.isEnabled(Certainty::inconclusive) && value->isInconclusive())

                 continue;

             if (value->condition && !mSettings->severity.isEnabled(Severity::warning))

                 continue;

             if (value->condition)

                 redundantConditionWarning(tok, value, value->condition, value->isInconclusive());

             else

                 pointerArithmeticError(tok, value, value->isInconclusive());

         }

     }

 }


 static std::string arithmeticTypeString(const Token *tok)

 {

     if (tok && tok->str()[0] == '-')

         return "subtraction";

     if (tok && tok->str()[0] == '+')

         return "addition";

     return "arithmetic";

 }


 void CheckNullPointer::pointerArithmeticError(const Token* tok, const ValueFlow::Value *value, bool inconclusive)

 {

     // cppcheck-suppress shadowFunction - TODO: fix this

     std::string arithmetic = arithmeticTypeString(tok);

     std::string errmsg;

     if (tok && tok->str()[0] == '-') {

         errmsg = "Overflow in pointer arithmetic, NULL pointer is subtracted.";

     } else {

         errmsg = "Pointer " + arithmetic + " with NULL pointer.";

     }

     const ErrorPath errorPath = getErrorPath(tok, value, "Null pointer " + arithmetic);

     reportError(errorPath,

                 Severity::error,

                 "nullPointerArithmetic",

                 errmsg,

                 CWE_INCORRECT_CALCULATION,

                 inconclusive ? Certainty::inconclusive : Certainty::normal);

 }


 void CheckNullPointer::redundantConditionWarning(const Token* tok, const ValueFlow::Value *value, const Token *condition, bool inconclusive)

 {

     // cppcheck-suppress shadowFunction - TODO: fix this

     std::string arithmetic = arithmeticTypeString(tok);

     std::string errmsg;

     if (tok && tok->str()[0] == '-') {

         errmsg = ValueFlow::eitherTheConditionIsRedundant(condition) + " or there is overflow in pointer " + arithmetic + ".";

     } else {

         errmsg = ValueFlow::eitherTheConditionIsRedundant(condition) + " or there is pointer arithmetic with NULL pointer.";

     }

     const ErrorPath errorPath = getErrorPath(tok, value, "Null pointer " + arithmetic);

     reportError(errorPath,

                 Severity::warning,

                 "nullPointerArithmeticRedundantCheck",

                 errmsg,

                 CWE_INCORRECT_CALCULATION,

                 inconclusive ? Certainty::inconclusive : Certainty::normal);

 }


 // NOLINTNEXTLINE(readability-non-const-parameter) - used as callback so we need to preserve the signature

 static bool isUnsafeUsage(const Settings &settings, const Token *vartok, MathLib::bigint *value)

 {

     (void)value;

     bool unknown = false;

     return CheckNullPointer::isPointerDeRef(vartok, unknown, settings);

 }


 // a Clang-built executable will crash when using the anonymous MyFileInfo later on - so put it in a unique namespace for now

 // see https://trac.cppcheck.net/ticket/12108 for more details

 #ifdef __clang__

 inline namespace CheckNullPointer_internal

 #else

 namespace

 #endif

 {

     /* data for multifile checking */

     class MyFileInfo : public Check::FileInfo {

     public:

         /** function arguments that are dereferenced without checking if they are null */

         std::list<CTU::FileInfo::UnsafeUsage> unsafeUsage;


         /** Convert data into xml string */

         std::string toString() const override

         {

             return CTU::toString(unsafeUsage);

         }

     };

 }


 Check::FileInfo *CheckNullPointer::getFileInfo(const Tokenizer &tokenizer, const Settings &settings) const

 {

     const std::list<CTU::FileInfo::UnsafeUsage> &unsafeUsage = CTU::getUnsafeUsage(tokenizer, settings, isUnsafeUsage);

     if (unsafeUsage.empty())

         return nullptr;


     auto *fileInfo = new MyFileInfo;

     fileInfo->unsafeUsage = unsafeUsage;

     return fileInfo;

 }


 Check::FileInfo * CheckNullPointer::loadFileInfoFromXml(const tinyxml2::XMLElement *xmlElement) const

 {

     const std::list<CTU::FileInfo::UnsafeUsage> &unsafeUsage = CTU::loadUnsafeUsageListFromXml(xmlElement);

     if (unsafeUsage.empty())

         return nullptr;


     auto *fileInfo = new MyFileInfo;

     fileInfo->unsafeUsage = unsafeUsage;

     return fileInfo;

 }


 bool CheckNullPointer::analyseWholeProgram(const CTU::FileInfo *ctu, const std::list<Check::FileInfo*> &fileInfo, const Settings& settings, ErrorLogger &errorLogger)

 {

     if (!ctu)

         return false;

     bool foundErrors = false;

     (void)settings; // This argument is unused


     CheckNullPointer dummy(nullptr, &settings, &errorLogger);

     dummy.

     logChecker("CheckNullPointer::analyseWholeProgram"); // unusedfunctions


     const std::map<std::string, std::list<const CTU::FileInfo::CallBase *>> callsMap = ctu->getCallsMap();


     for (const Check::FileInfo* fi1 : fileInfo) {

         const MyFileInfo *fi = dynamic_cast<const MyFileInfo*>(fi1);

         if (!fi)

             continue;

         for (const CTU::FileInfo::UnsafeUsage &unsafeUsage : fi->unsafeUsage) {

             for (int warning = 0; warning <= 1; warning++) {

                 if (warning == 1 && !settings.severity.isEnabled(Severity::warning))

                     break;


                 const std::list<ErrorMessage::FileLocation> &locationList =

                     CTU::FileInfo::getErrorPath(CTU::FileInfo::InvalidValueType::null,

                                                 unsafeUsage,

                                                 callsMap,

                                                 "Dereferencing argument ARG that is null",

                                                 nullptr,

                                                 warning);

                 if (locationList.empty())

                     continue;


                 const ErrorMessage errmsg(locationList,

                                           emptyString,

                                           warning ? Severity::warning : Severity::error,

                                           "Null pointer dereference: " + unsafeUsage.myArgumentName,

                                           "ctunullpointer",

                                           CWE_NULL_POINTER_DEREFERENCE, Certainty::normal);

                 errorLogger.reportErr(errmsg);


                 foundErrors = true;

                 break;

             }

         }

     }


     return foundErrors;

 }

getArguments
std::vector< const Token * > getArguments(const Token *ftok)
Get arguments (AST)
Definition: astutils.cpp:3074

astIsPointer
bool astIsPointer(const Token *tok)
Definition: astutils.cpp:220

astIsSmartPointer
bool astIsSmartPointer(const Token *tok)
Definition: astutils.cpp:225

astParentSkipParens
const Token * astParentSkipParens(const Token *tok)
Definition: astutils.cpp:557

astIsRHS
bool astIsRHS(const Token *tok)
Definition: astutils.cpp:792

isUnevaluated
bool isUnevaluated(const Token *tok)
Definition: astutils.cpp:3587

astutils.h

isNullablePointer
static bool isNullablePointer(const Token *tok)
Definition: checknullpointer.cpp:264

CWE_NULL_POINTER_DEREFERENCE
static const CWE CWE_NULL_POINTER_DEREFERENCE(476U)

checkNullpointerFunctionCallPlausibility
static bool checkNullpointerFunctionCallPlausibility(const Function *func, unsigned int arg)
Definition: checknullpointer.cpp:54

CWE_INCORRECT_CALCULATION
static const CWE CWE_INCORRECT_CALCULATION(682U)

arithmeticTypeString
static std::string arithmeticTypeString(const Token *tok)
Definition: checknullpointer.cpp:504

isUnsafeUsage
static bool isUnsafeUsage(const Settings &settings, const Token *vartok, MathLib::bigint *value)
Definition: checknullpointer.cpp:552

checknullpointer.h

CTU::FileInfo
Definition: ctu.h:52

CTU::FileInfo::getErrorPath
static std::list< ErrorMessage::FileLocation > getErrorPath(InvalidValueType invalidValue, const UnsafeUsage &unsafeUsage, const std::map< std::string, std::list< const CallBase * >> &callsMap, const char info[], const FunctionCall **const functionCallPtr, bool warning)
Definition: ctu.cpp:554

CTU::FileInfo::getCallsMap
std::map< std::string, std::list< const CallBase * > > getCallsMap() const
Definition: ctu.cpp:247

CTU::FileInfo::InvalidValueType::null
@ null

CheckNullPointer
check for null pointer dereferencing
Definition: checknullpointer.h:52

CheckNullPointer::parseFunctionCall
static void parseFunctionCall(const Token &tok, std::list< const Token * > &var, const Library &library)
parse a function call and extract information about variable usage
Definition: checknullpointer.cpp:65

CheckNullPointer::nullPointerByDeRefAndChec
void nullPointerByDeRefAndChec()
Does one part of the check for nullPointer().
Definition: checknullpointer.cpp:282

CheckNullPointer::loadFileInfoFromXml
Check::FileInfo * loadFileInfoFromXml(const tinyxml2::XMLElement *xmlElement) const override
Definition: checknullpointer.cpp:592

CheckNullPointer::nullPointer
void nullPointer()
possible null pointer dereference
Definition: checknullpointer.cpp:319

CheckNullPointer::pointerArithmeticError
void pointerArithmeticError(const Token *tok, const ValueFlow::Value *value, bool inconclusive)
Definition: checknullpointer.cpp:513

CheckNullPointer::getFileInfo
Check::FileInfo * getFileInfo(const Tokenizer &tokenizer, const Settings &settings) const override
Parse current TU and extract file info.
Definition: checknullpointer.cpp:581

CheckNullPointer::redundantConditionWarning
void redundantConditionWarning(const Token *tok, const ValueFlow::Value *value, const Token *condition, bool inconclusive)
Definition: checknullpointer.cpp:532

CheckNullPointer::arithmetic
void arithmetic()
undefined null pointer arithmetic
Definition: checknullpointer.cpp:466

CheckNullPointer::nullConstantDereference
void nullConstantDereference()
dereferencing null constant (after Tokenizer::simplifyKnownVariables)
Definition: checknullpointer.cpp:333

CheckNullPointer::nullPointerError
void nullPointerError(const Token *tok)
Definition: checknullpointer.h:101

CheckNullPointer::analyseWholeProgram
bool analyseWholeProgram(const CTU::FileInfo *ctu, const std::list< Check::FileInfo * > &fileInfo, const Settings &settings, ErrorLogger &errorLogger) override
Analyse all file infos for all TU.
Definition: checknullpointer.cpp:603

CheckNullPointer::isPointerDeRef
bool isPointerDeRef(const Token *tok, bool &unknown) const
Is there a pointer dereference? Everything that should result in a nullpointer dereference error mess...
Definition: checknullpointer.cpp:147

Check::FileInfo
Base class used for whole-program analysis.
Definition: check.h:103

Check::reportError
void reportError(const Token *tok, const Severity severity, const std::string &id, const std::string &msg)
report an error
Definition: check.h:138

Check::mSettings
const Settings *const mSettings
Definition: check.h:134

Check::getErrorPath
ErrorPath getErrorPath(const Token *errtok, const ValueFlow::Value *value, std::string bug) const
Definition: check.cpp:111

Check::mTokenizer
const Tokenizer *const mTokenizer
Definition: check.h:133

Check::logChecker
void logChecker(const char id[])
log checker
Definition: check.cpp:129

ErrorLogger
This is an interface, which the class responsible of error logging should implement.
Definition: errorlogger.h:214

ErrorLogger::reportErr
virtual void reportErr(const ErrorMessage &msg)=0
Information about found errors and warnings is directed here.

ErrorMessage
Wrapper for error messages, provided by reportErr()
Definition: errorlogger.h:48

Function
Definition: symboldatabase.h:698

Function::hasBody
bool hasBody() const
Definition: symboldatabase.h:816

Function::getArgumentVar
const Variable * getArgumentVar(nonneg int num) const
Definition: symboldatabase.cpp:4683

Function::argCount
nonneg int argCount() const
Definition: symboldatabase.h:761

Function::token
const Token * token
function name token in implementation
Definition: symboldatabase.h:906

Function::isConstructor
bool isConstructor() const
Definition: symboldatabase.h:785

Library
Library definitions handling.
Definition: library.h:52

Library::isnullargbad
bool isnullargbad(const Token *ftok, int argnr) const
Definition: library.cpp:1046

Library::formatstr_function
bool formatstr_function(const Token *ftok) const
Definition: library.cpp:1361

Library::formatstr_argno
int formatstr_argno(const Token *ftok) const
Definition: library.cpp:1372

Library::formatstr_scan
bool formatstr_scan(const Token *ftok) const
Definition: library.cpp:1381

MathLib::bigint
long long bigint
Definition: mathlib.h:68

Scope
Definition: symboldatabase.h:1014

Scope::function
Function * function
function info for this function
Definition: symboldatabase.h:1049

Scope::bodyStart
const Token * bodyStart
'{' token
Definition: symboldatabase.h:1032

Scope::bodyEnd
const Token * bodyEnd
'}' token
Definition: symboldatabase.h:1033

Settings
This is just a container for general settings so that we don't need to pass individual values to func...
Definition: settings.h:95

Settings::isEnabled
bool isEnabled(const ValueFlow::Value *value, bool inconclusiveCheck=false) const
Returns true if given value can be shown.
Definition: settings.cpp:257

Settings::library
Library library
Library.
Definition: settings.h:237

Settings::certainty
SimpleEnableGroup< Certainty > certainty
Definition: settings.h:356

Settings::severity
SimpleEnableGroup< Severity > severity
Definition: settings.h:355

SimpleEnableGroup::isEnabled
bool isEnabled(T flag) const
Definition: settings.h:66

SymbolDatabase
Definition: symboldatabase.h:1319

SymbolDatabase::functionScopes
std::vector< const Scope * > functionScopes
Fast access to function scopes.
Definition: symboldatabase.h:1329

Token
The token list that the TokenList generates is a linked-list of this class.
Definition: token.h:150

Token::str
void str(T &&s)
Definition: token.h:179

Token::getValue
const ValueFlow::Value * getValue(const MathLib::bigint val) const
Definition: token.cpp:2596

Token::Match
static bool Match(const Token *tok, const char pattern[], nonneg int varid=0)
Match given token (or list of tokens) to a pattern list.
Definition: token.cpp:722

Token::originalName
const std::string & originalName() const
Definition: token.h:1193

Token::hasKnownIntValue
bool hasKnownIntValue() const
Definition: token.cpp:2553

Token::valueType
const ValueType * valueType() const
Definition: token.h:331

Token::strAt
const std::string & strAt(int index) const
Definition: token.cpp:457

Token::astOperand1
void astOperand1(Token *tok)
Definition: token.cpp:1490

Token::function
void function(const Function *f)
Associate this token with given function.
Definition: token.cpp:1127

Token::varId
nonneg int varId() const
Definition: token.h:870

Token::isUnaryOp
bool isUnaryOp(const std::string &s) const
Definition: token.h:413

Token::isOp
bool isOp() const
Definition: token.h:380

Token::tokAt
const Token * tokAt(int index) const
Definition: token.cpp:427

Token::astOperand2
void astOperand2(Token *tok)
Definition: token.cpp:1502

Token::scope
void scope(const Scope *s)
Associate this token with given scope.
Definition: token.h:1042

Token::link
void link(Token *linkToToken)
Create link to given token.
Definition: token.h:1015

Token::eString
@ eString
Definition: token.h:162

Token::previous
Token * previous()
Definition: token.h:862

Token::variable
void variable(const Variable *v)
Associate this token with given variable.
Definition: token.h:1070

Token::next
Token * next()
Definition: token.h:830

Token::values
const std::list< ValueFlow::Value > & values() const
Definition: token.h:1197

Token::simpleMatch
static bool simpleMatch(const Token *tok, const char(&pattern)[count])
Match given token (or list of tokens) to a pattern list.
Definition: token.h:252

Token::astParent
void astParent(Token *tok)
Definition: token.cpp:1471

Tokenizer
The main purpose is to tokenize the source code.
Definition: tokenize.h:46

Tokenizer::tokens
const Token * tokens() const
Definition: tokenize.h:592

Tokenizer::getSymbolDatabase
const SymbolDatabase * getSymbolDatabase() const
Definition: tokenize.h:563

ValueFlow::Value
Definition: vfvalue.h:40

ValueFlow::Value::defaultArg
bool defaultArg
Is this value passed as default parameter to the function?
Definition: vfvalue.h:299

ValueFlow::Value::isKnown
bool isKnown() const
Definition: vfvalue.h:353

ValueFlow::Value::condition
const Token * condition
Condition that this value depends on.
Definition: vfvalue.h:280

ValueFlow::Value::intvalue
long long intvalue
int value (or sometimes bool value?)
Definition: vfvalue.h:268

ValueFlow::Value::isInconclusive
bool isInconclusive() const
Definition: vfvalue.h:378

ValueType::isIntegral
bool isIntegral() const
Definition: symboldatabase.h:1289

Variable
Information about a member variable.
Definition: symboldatabase.h:165

Variable::isArrayOrPointer
bool isArrayOrPointer() const
Is array or pointer variable.
Definition: symboldatabase.h:466

Variable::isStlType
bool isStlType() const
Checks if the variable is an STL type ('std::') E.g.
Definition: symboldatabase.h:568

Variable::isArray
bool isArray() const
Is variable an array.
Definition: symboldatabase.h:436

Variable::typeStartToken
const Token * typeStartToken() const
Get type start token.
Definition: symboldatabase.h:256

Variable::isPointer
bool isPointer() const
Is pointer variable.
Definition: symboldatabase.h:444

Variable::isStlStringType
bool isStlStringType() const
Checks if the variable is an STL type ('std::') E.g.
Definition: symboldatabase.h:580

toString
std::string toString(Color c)
Definition: color.cpp:54

emptyString
static const std::string emptyString
Definition: config.h:127

ctu.h

errorlogger.h

errortypes.h

ErrorPath
std::list< ErrorPathItem > ErrorPath
Definition: errortypes.h:130

Severity::warning
@ warning
Warning.

Severity::error
@ error
Programming error.

Certainty::inconclusive
@ inconclusive

Certainty::normal
@ normal

library.h

mathlib.h

CTU::getUnsafeUsage
CPPCHECKLIB std::list< FileInfo::UnsafeUsage > getUnsafeUsage(const Tokenizer &tokenizer, const Settings &settings, bool(*isUnsafeUsage)(const Settings &settings, const Token *argtok, MathLib::bigint *value))
Definition: ctu.cpp:472

CTU::toString
CPPCHECKLIB std::string toString(const std::list< FileInfo::UnsafeUsage > &unsafeUsage)
Definition: ctu.cpp:151

CTU::loadUnsafeUsageListFromXml
CPPCHECKLIB std::list< FileInfo::UnsafeUsage > loadUnsafeUsageListFromXml(const tinyxml2::XMLElement *xmlElement)
Definition: ctu.cpp:257

ValueFlow::eitherTheConditionIsRedundant
std::string eitherTheConditionIsRedundant(const Token *condition)
Definition: valueflow.cpp:9657

settings.h

CTU::FileInfo::UnsafeUsage
Definition: ctu.h:67

CTU::FileInfo::UnsafeUsage::myArgumentName
std::string myArgumentName
Definition: ctu.h:72

CWE
Definition: errortypes.h:124

symboldatabase.h

token.h

tokenize.h

valueflow.h