Fix #12951 nullptr dereference in CheckLeakAutoVar::checkScope() (#6613)

Author: chrchr-github

cfg/sqlite3.cfg

@@ -1027,6 +1027,49 @@
       <not-bool/>
     </arg>
   </function>
+  <!-- https://www.sqlite.org/capi3ref.html#sqlite3_open -->
+  <!-- int sqlite3_open16(const void *filename,   /* Database filename (UTF-16) */
+                          sqlite3 **ppDb          /* OUT: SQLite db handle */); -->
+  <function name="sqlite3_open16">
+    <noreturn>false</noreturn>
+    <returnValue type="int"/>
+    <arg nr="1" direction="in">
+      <not-null/>
+      <not-uninit/>
+      <strz/>
+    </arg>
+    <arg nr="2" direction="out">
+      <not-null/>
+      <not-bool/>
+    </arg>
+  </function>
+  <!-- https://www.sqlite.org/capi3ref.html#sqlite3_open -->
+  <!-- int sqlite3_open_v2(const char *filename,   /* Database filename (UTF-8) */
+                           sqlite3 **ppDb,         /* OUT: SQLite db handle */
+                           int flags,              /* Flags */
+                           const char *zVfs        /* Name of VFS module to use */); -->
+  <function name="sqlite3_open_v2">
+    <noreturn>false</noreturn>
+    <returnValue type="int"/>
+    <arg nr="1" direction="in">
+      <not-null/>
+      <not-uninit/>
+      <strz/>
+    </arg>
+    <arg nr="2" direction="out">
+      <not-null/>
+      <not-bool/>
+    </arg>
+    <arg nr="3" direction="in">
+      <not-uninit/>
+      <not-bool/>
+    </arg>
+    <arg nr="4" direction="in">
+      <not-null/>
+      <not-uninit/>
+      <strz/>
+    </arg>
+  </function>
   <!-- https://www.sqlite.org/capi3ref.html#sqlite3_prepare -->
   <!-- int sqlite3_prepare(sqlite3 *db,            /* Database handle */
                            const char *zSql,       /* SQL statement, UTF-8 encoded */

lib/checkleakautovar.cpp

@@ -555,7 +555,7 @@ bool CheckLeakAutoVar::checkScope(const Token * const startToken,
                             if (info.second.status != VarInfo::ALLOC)
                                 return false;
                             const Token* ret = getReturnValueFromOutparamAlloc(info.second.allocTok, *mSettings);
-                            return ret && ret->varId() && ret->varId() == vartok->varId();
+                            return ret && vartok && ret->varId() && ret->varId() == vartok->varId();
                         })) {
                             varInfo1.clear();
                         }

test/cfg/sqlite3.c

@@ -46,6 +46,14 @@ void resourceLeak_sqlite3_open()
     // cppcheck-suppress resourceLeak
 }
 
+void resourceLeak_sqlite3_open_v2(const char* Filename, int Flags, int Timeout, const char* Vfs) { // #12951, don't crash
+    sqlite3* handle;
+    const int ret = sqlite3_open_v2(Filename, &handle, Flags, Vfs);
+    if (SQLITE_OK != ret) {}
+    if (Timeout > 0) {}
+    // cppcheck-suppress resourceLeak
+}
+
 void ignoredReturnValue(const char * buf)
 {
     // cppcheck-suppress leakReturnValNotUsed