CheckAutoVariables: use ValueFlow to detect more errors when pointer aliases are used

danmar · danmar · commit c10a10c26ff4 · 2015-11-15T12:10:35.000+01:00
diff --git a/lib/checkautovariables.cpp b/lib/checkautovariables.cpp
@@ -88,9 +88,21 @@ bool CheckAutoVariables::isAutoVar(const Token *tok)
 
 bool CheckAutoVariables::isAutoVarArray(const Token *tok)
 {
+    // Variable
     const Variable *var = tok->variable();
+    if (var && var->isLocal() && !var->isStatic() && var->isArray() && !var->isPointer())
+        return true;
 
-    return (var && var->isLocal() && !var->isStatic() && var->isArray() && !var->isPointer());
+    // ValueFlow
+    if (var && var->isPointer()) {
+        for (std::list<ValueFlow::Value>::const_iterator it = tok->values.begin(); it != tok->values.end(); ++it) {
+            const ValueFlow::Value &val = *it;
+            if (val.tokvalue && isAutoVarArray(val.tokvalue))
+                return true;
+        }
+    }
+
+    return false;
 }
 
 // Verification that we really take the address of a local variable
diff --git a/test/testautovariables.cpp b/test/testautovariables.cpp
@@ -634,6 +634,14 @@ class TestAutoVariables : public TestFixture {
               "}");
         ASSERT_EQUALS("[test.cpp:4]: (error) Pointer to local array variable returned.\n", errout.str());
 
+        check("char *foo()\n" // use ValueFlow
+              "{\n"
+              "    char str[100] = {0};\n"
+              "    char *p = str;\n"
+              "    return p;\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Pointer to local array variable returned.\n", errout.str());
+
         check("class Fred {\n"
               "    char *foo();\n"
               "};\n"
