Fixed uninitialized variable FP after realloc if it fails. Related with ticket: cppcheck-opensource#5240

danmar · danmar · commit 3e6fbc651702 · 2013-12-13T07:15:59.000+01:00
diff --git a/lib/checkuninitvar.cpp b/lib/checkuninitvar.cpp
@@ -614,6 +614,8 @@ class UninitVar : public ExecutionPath {
             if (Token::Match(&tok, "free|kfree|fclose ( %var% )") ||
                 Token::Match(&tok, "realloc ( %var%")) {
                 dealloc_pointer(checks, tok.tokAt(2));
+                if (tok.str() == "realloc")
+                    ExecutionPath::bailOutVar(checks, tok.tokAt(2)->varId());
                 return tok.tokAt(3);
             }
 
diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
@@ -106,6 +106,13 @@ class TestUninitVar : public TestFixture {
                        "}");
         ASSERT_EQUALS("[test.cpp:3]: (error) Uninitialized variable: p\n", errout.str());
 
+        checkUninitVar("void foo() {\n" // #5240
+                       "    char *p = malloc(100);\n"
+                       "    char *tmp = realloc(p,1000);\n"
+                       "    if (!tmp) free(p);\n"
+                       "}");
+        ASSERT_EQUALS("", errout.str());
+
         checkUninitVar("void foo() {\n"
                        "    int *p = NULL;\n"
                        "    realloc(p,10);\n"

Original file line number	Diff line number	Diff line change
`@@ -614,6 +614,8 @@ class UninitVar : public ExecutionPath {`
`614`	`614`	`if (Token::Match(&tok, "free\|kfree\|fclose ( %var% )") \|\|`
`615`	`615`	`Token::Match(&tok, "realloc ( %var%")) {`
`616`	`616`	`dealloc_pointer(checks, tok.tokAt(2));`
	`617`	`+ if (tok.str() == "realloc")`
	`618`	`+ ExecutionPath::bailOutVar(checks, tok.tokAt(2)->varId());`
`617`	`619`	`return tok.tokAt(3);`
`618`	`620`	`}`
`619`	`621`