Fix 12760: FN knownConditionTrueFalse for pointer + offset (#6491)

danmar · Jun 7, 2024 · ac0bd6d · ac0bd6d
1 parent 270518c
commit ac0bd6d
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -1091,6 +1091,11 @@ static void valueFlowImpossibleValues(TokenList& tokenList, const Settings& sett
             ValueFlow::Value value{0};
             value.setImpossible();
             setTokenValue(tok, std::move(value), settings);
+        } else if (tok->variable() && tok->variable()->isArray() && !tok->variable()->isArgument() &&
+                   !tok->variable()->isStlType()) {
+            ValueFlow::Value value{0};
+            value.setImpossible();
+            setTokenValue(tok, std::move(value), settings);
         } else if (tok->isIncompleteVar() && tok->astParent() && tok->astParent()->isUnaryOp("-") &&
                    isConvertedToIntegral(tok->astParent(), settings)) {
             ValueFlow::Value value{0};

diff --git a/lib/vf_settokenvalue.cpp b/lib/vf_settokenvalue.cpp
@@ -441,10 +441,16 @@ namespace ValueFlow
                 setTokenValue(parent, v, settings);
         }
 
+        // Offset of non null pointer is not null also
+        else if (astIsPointer(tok) && Token::Match(parent, "+|-") && value.isIntValue() && value.isImpossible() &&
+                 value.intvalue == 0) {
+            setTokenValue(parent, value, settings);
+        }
+
         // Calculations..
-        else if ((parent->isArithmeticalOp() || parent->isComparisonOp() || (parent->tokType() == Token::eBitOp) || (parent->tokType() == Token::eLogicalOp)) &&
-                 parent->astOperand1() &&
-                 parent->astOperand2()) {
+        else if ((parent->isArithmeticalOp() || parent->isComparisonOp() || (parent->tokType() == Token::eBitOp) ||
+                  (parent->tokType() == Token::eLogicalOp)) &&
+                 parent->astOperand1() && parent->astOperand2()) {
 
             const bool noninvertible = isNonInvertibleOperation(parent);
 
@@ -659,7 +665,8 @@ namespace ValueFlow
         }
 
         // C++ init
-        else if (parent->str() == "{" && Token::simpleMatch(parent->previous(), "= {") && Token::simpleMatch(parent->link(), "} ;")) {
+        else if (parent->str() == "{" && Token::simpleMatch(parent->previous(), "= {") &&
+                 Token::simpleMatch(parent->link(), "} ;")) {
             const Token* lhs = parent->previous()->astOperand1();
             if (lhs && lhs->valueType()) {
                 if (lhs->valueType()->isIntegral() || lhs->valueType()->isFloat() || (lhs->valueType()->pointer > 0 && value.isIntValue())) {

diff --git a/test/testcondition.cpp b/test/testcondition.cpp
@@ -4600,6 +4600,13 @@ class TestCondition : public TestFixture {
               "    if ((i = g(), 1) != 0) {}\n"
               "}\n");
         ASSERT_EQUALS("[test.cpp:3]: (style) Condition '(i=g(),1)!=0' is always true\n", errout_str());
+
+        check("void f(unsigned i) {\n"
+              "    const int a[2] = {};\n"
+              "    const int* q = a + i;\n"
+              "    if (q) {}\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (style) Condition 'q' is always true\n", errout_str());
     }
 
     void alwaysTrueSymbolic()