Skip to content

Commit aa1bbf2

Browse files
danmardanmar
committed
Fixed #9679 (False positive: use this after free (lambda not executed directly))
1 parent cd13798 commit aa1bbf2

2 files changed

Lines changed: 20 additions & 1 deletion

File tree

lib/checkclass.cpp

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2699,9 +2699,12 @@ bool CheckClass::checkThisUseAfterFreeRecursive(const Scope *classScope, const F
26992699
} else if (isDestroyed && Token::Match(tok->previous(), "!!. %name%") && tok->variable() && tok->variable()->scope() == classScope && !tok->variable()->isStatic() && !tok->variable()->isArgument()) {
27002700
thisUseAfterFree(selfPointer->nameToken(), *freeToken, tok);
27012701
return true;
2702-
} else if (*freeToken && Token::Match(tok, "return|throw"))
2702+
} else if (*freeToken && Token::Match(tok, "return|throw")) {
27032703
// TODO
27042704
return tok->str() == "throw";
2705+
} else if (tok->str() == "{" && tok->scope()->type == Scope::ScopeType::eLambda) {
2706+
tok = tok->link();
2707+
}
27052708
}
27062709
return false;
27072710
}

test/testclass.cpp

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7306,6 +7306,22 @@ class TestClass : public TestFixture {
73067306
"\n"
73077307
"C* C::instanceSingleton;");
73087308
ASSERT_EQUALS("", errout.str());
7309+
7310+
// Avoid false positive when pointer is deleted in lambda
7311+
checkThisUseAfterFree("class C {\n"
7312+
"public:\n"
7313+
" void foo();\n"
7314+
" void set() { p = this; }\n"
7315+
" void dostuff() {}\n"
7316+
" C* p;\n"
7317+
"};\n"
7318+
"\n"
7319+
"void C::foo() {\n"
7320+
" auto done = [this] () { delete p; };\n"
7321+
" dostuff();\n"
7322+
" done();\n"
7323+
"}");
7324+
ASSERT_EQUALS("", errout.str());
73097325
}
73107326
};
73117327

0 commit comments

Comments
 (0)