Fix #13296 nullptr dereference in CheckLeakAutoVar::checkScope() (#6995)

chrchr-github · web-flow · commit c36c8a61cf9f · 2024-11-11T23:10:47.000+01:00
diff --git a/lib/checkleakautovar.cpp b/lib/checkleakautovar.cpp
@@ -455,7 +455,7 @@ bool CheckLeakAutoVar::checkScope(const Token * const startToken,
             bool skipElseBlock = false;
             const Token *condTok = tok->astSibling();
 
-            if (condTok->hasKnownIntValue()) {
+            if (condTok && condTok->hasKnownIntValue()) {
                 skipIfBlock = !condTok->getKnownIntValue();
                 skipElseBlock = !skipIfBlock;
             }
diff --git a/test/testleakautovar.cpp b/test/testleakautovar.cpp
@@ -151,6 +151,7 @@ class TestLeakAutoVar : public TestFixture {
         TEST_CASE(ifelse26);
         TEST_CASE(ifelse27);
         TEST_CASE(ifelse28); // #11038
+        TEST_CASE(ifelse29);
 
         // switch
         TEST_CASE(switch1);
@@ -2322,6 +2323,18 @@ class TestLeakAutoVar : public TestFixture {
         ASSERT_EQUALS("", errout_str());
     }
 
+    void ifelse29() { // #13296
+        check("struct S {\n"
+              "    typedef int (S::* func_t)(int) const;\n"
+              "    void f(func_t pfn);\n"
+              "    int g(int) const;\n"
+              "};\n"
+              "void S::f(func_t pfn) {\n"
+              "    if (pfn == (func_t)&S::g) {}\n"
+              "}\n", true);
+        ASSERT_EQUALS("", errout_str()); // don't crash
+    }
+
     void switch1() {
         check("void f() {\n"
               "    char *p = 0;\n"

Original file line number	Diff line number	Diff line change
`@@ -455,7 +455,7 @@ bool CheckLeakAutoVar::checkScope(const Token * const startToken,`
`455`	`455`	`bool skipElseBlock = false;`
`456`	`456`	`const Token *condTok = tok->astSibling();`
`457`	`457`
`458`		`- if (condTok->hasKnownIntValue()) {`
	`458`	`+ if (condTok && condTok->hasKnownIntValue()) {`
`459`	`459`	`skipIfBlock = !condTok->getKnownIntValue();`
`460`	`460`	`skipElseBlock = !skipIfBlock;`
`461`	`461`	`}`