Fix #11038, FP memory leak in if-statement in realloc with cast (danmar#4572)

rikardfalkeborn · web-flow · commit 3c21b9cc531e · 2022-11-03T10:37:43.000+01:00
diff --git a/lib/checkleakautovar.cpp b/lib/checkleakautovar.cpp
@@ -452,18 +452,18 @@ void CheckLeakAutoVar::checkScope(const Token * const startToken,
                     while (tokRightAstOperand && tokRightAstOperand->isCast())
                         tokRightAstOperand = tokRightAstOperand->astOperand2() ? tokRightAstOperand->astOperand2() : tokRightAstOperand->astOperand1();
                     if (tokRightAstOperand && Token::Match(tokRightAstOperand->previous(), "%type% (")) {
-                        const Library::AllocFunc* f = mSettings->library.getAllocFuncInfo(tokRightAstOperand->previous());
+                        const Token * fTok = tokRightAstOperand->previous();
+                        const Library::AllocFunc* f = mSettings->library.getAllocFuncInfo(fTok);
                         if (f && f->arg == -1) {
                             VarInfo::AllocInfo& varAlloc = alloctype[innerTok->varId()];
                             varAlloc.type = f->groupId;
                             varAlloc.status = VarInfo::ALLOC;
-                            varAlloc.allocTok = tokRightAstOperand->previous();
+                            varAlloc.allocTok = fTok;
                         } else {
                             // Fixme: warn about leak
                             alloctype.erase(innerTok->varId());
                         }
-
-                        changeAllocStatusIfRealloc(alloctype, innerTok->tokAt(2), varTok);
+                        changeAllocStatusIfRealloc(alloctype, fTok, varTok);
                     } else if (mTokenizer->isCPP() && Token::Match(innerTok->tokAt(2), "new !!(")) {
                         const Token* tok2 = innerTok->tokAt(2)->astOperand1();
                         const bool arrayNew = (tok2 && (tok2->str() == "[" || (tok2->str() == "(" && tok2->astOperand1() && tok2->astOperand1()->str() == "[")));
diff --git a/test/testleakautovar.cpp b/test/testleakautovar.cpp
@@ -169,6 +169,7 @@ class TestLeakAutoVar : public TestFixture {
         TEST_CASE(ifelse25); // #9966
         TEST_CASE(ifelse26);
         TEST_CASE(ifelse27);
+        TEST_CASE(ifelse28); // #11038
 
         // switch
         TEST_CASE(switch1);
@@ -1909,6 +1910,17 @@ class TestLeakAutoVar : public TestFixture {
         ASSERT_EQUALS("", errout.str());
     }
 
+    void ifelse28() { // #11038
+        check("char * f(void) {\n"
+              "   char *buf = (char*)malloc(42*sizeof(char));\n"
+              "   char *temp;\n"
+              "   if ((temp = (char*)realloc(buf, 16)) != NULL)\n"
+              "   {  buf = temp;  }\n"
+              "   return buf;\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void switch1() {
         check("void f() {\n"
               "    char *p = 0;\n"
