Fix 12461: False positive: uninitialized buffer, address of and funct…

…ion call (#6248)
danmar · Apr 6, 2024 · 15a818c · 15a818c
1 parent 1707820
commit 15a818c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/lib/astutils.cpp b/lib/astutils.cpp
@@ -634,11 +634,13 @@ const Token* getParentLifetime(const Token* tok, const Library* library)
     std::vector<const Token*> members = getParentMembers(tok);
     if (members.size() < 2)
         return tok;
-    // Find the first local variable or temporary
+    // Find the first local variable, temporary, or array
     auto it = std::find_if(members.crbegin(), members.crend(), [&](const Token* tok2) {
         const Variable* var = tok2->variable();
         if (var)
             return var->isLocal() || var->isArgument();
+        if (Token::simpleMatch(tok2, "["))
+            return true;
         return isTemporary(tok2, library);
     });
     if (it == members.rend())
@@ -668,7 +670,10 @@ const Token* getParentLifetime(const Token* tok, const Library* library)
         return var && var->isReference();
     }))
         return nullptr;
-    return *it;
+    const Token* result = *it;
+    if (Token::simpleMatch(result, "[") && result->astOperand1())
+        return getParentLifetime(result->astOperand1());
+    return result;
 }
 
 static bool isInConstructorList(const Token* tok)

diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
@@ -7445,6 +7445,31 @@ class TestUninitVar : public TestFixture {
                         "    p->f();\n"
                         "}\n");
         ASSERT_EQUALS("[test.cpp:7] -> [test.cpp:9]: (warning) Uninitialized variable: p\n", errout_str());
+
+        // #12461
+        valueFlowUninit("struct stry_type {\n"
+                        "  void *out;\n"
+                        "};\n"
+                        "void bar(str_type *items);\n"
+                        "void foo() {\n"
+                        "  str_type st_arr[1];\n"
+                        "  char arr[5];\n"
+                        "  st_arr[0].out = &arr;\n"
+                        "  bar(st_arr);\n"
+                        "  int len = strlen(arr);\n"
+                        "}\n");
+        ASSERT_EQUALS("", errout_str());
+
+        valueFlowUninit("struct stry_type {\n"
+                        "  void *out;\n"
+                        "};\n"
+                        "void foo() {\n"
+                        "  str_type st_arr[1];\n"
+                        "  char arr[5];\n"
+                        "  st_arr[0].out = &arr;\n"
+                        "  int len = strlen(arr);\n"
+                        "}\n");
+        ASSERT_EQUALS("[test.cpp:8]: (error) Uninitialized variable: arr\n", errout_str());
     }
 
     void uninitvar_memberfunction() {