From 5ef9ba039885636eaf4ac3377d4adb173e65bd52 Mon Sep 17 00:00:00 2001
From: Anton Lindqvist
Date: Wed, 12 Jun 2024 13:21:58 +0200
Subject: [PATCH] Fix #12833 FP knownConditionTrueFalse regression (#6514)

Performing arithmetic on two pointers is not guaranteed to always yield a non-zero value. Introduced in commit ac0bd6d2fa30 ("Fix 12760: FN knownConditionTrueFalse for pointer + offset (#6491)").
---
 lib/vf_settokenvalue.cpp | 5 +++--
 test/testcondition.cpp | 11 +++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/vf_settokenvalue.cpp b/lib/vf_settokenvalue.cpp
index 2d417114183..5d1137bd2dd 100644
--- a/lib/vf_settokenvalue.cpp
+++ b/lib/vf_settokenvalue.cpp
@@ -442,8 +442,9 @@ namespace ValueFlow
 }
 // Offset of non null pointer is not null also
- else if (astIsPointer(tok) && Token::Match(parent, "+|-") && value.isIntValue() && value.isImpossible() &&
- value.intvalue == 0) {
+ else if (astIsPointer(tok) && Token::Match(parent, "+|-") &&
+ (parent->astOperand2() == nullptr || !astIsPointer(parent->astOperand2())) &&
+ value.isIntValue() && value.isImpossible() && value.intvalue == 0) {
 setTokenValue(parent, value, settings);
 }
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
index 8128cd2166b..e7709c7fa5e 100644
--- a/test/testcondition.cpp
+++ b/test/testcondition.cpp
@@ -4620,6 +4620,17 @@ class TestCondition : public TestFixture {
 " if (j != 0) {}\n"
 "}\n");
 ASSERT_EQUALS("", errout_str());
+
+ check("void f() {\n"
+ " const char *s1 = foo();\n"
+ " const char *s2 = bar();\n"
+ " if (s2 == NULL)\n"
+ " return;\n"
+ " size_t len = s2 - s1;\n"
+ " if (len == 0)\n"
+ " return;\n"
+ "}\n");
+ ASSERT_EQUALS("", errout_str());
 }
 void alwaysTrueSymbolic()
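Review bot: The added guard in the `else if` condition inspects only `parent->astOperand2()`, so when the pointer `tok` is itself the right-hand operand (for example `n + p`) the guard sees a pointer and skips the propagation even though the sibling operand is an integer. That spelling would lose the not-null value and, it seems, turn the false-positive fix into a new false negative for the checker. Testing the sibling operand keeps both orders working: `const Token* other = parent->astOperand1() == tok ? parent->astOperand2() : parent->astOperand1();` and then `(other == nullptr || !astIsPointer(other))` in the condition. This assumes `tok` is always a direct operand of `parent` at this point, which the hunk does not show; the surrounding if/else chain starts and ends outside the hunk. The comment above the branch could also record the exclusion, e.g. `// Offset of a non-null pointer is also non-null; pointer - pointer is a difference and may be 0`.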
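Review bot: The new regression case covers only one operand order, `s2 - s1` with the null-checked pointer on the left, so it does not show whether the guard in lib/vf_settokenvalue.cpp behaves the same when the checked pointer is on the right. A mirrored case such as `size_t len = s1 - s2;` with the same `ASSERT_EQUALS("", errout_str());` would pin that. A companion case with an integer on the left of a non-null pointer (`1 + s2`) would document whether the known-condition diagnostic is still expected for that spelling. The enclosing test function starts outside the hunk, so existing coverage for these forms may already be present above.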