Fix #10838 Crash/nullptr deref in getEndOfExprScope() (danmar#3870)

chrchr-github · web-flow · commit 2dd6c75b35d8 · 2022-03-03T17:08:23.000+01:00
* Fix #10838 Crash/nullptr deref in getEndOfExprScope()

* Format
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -3522,6 +3522,8 @@ static void valueFlowForwardLifetime(Token * tok, TokenList *tokenlist, ErrorLog
             return;
 
         const Token* expr = getLHSVariableToken(parent);
+        if (!expr)
+            return;
 
         const Token* endOfVarScope = getEndOfExprScope(expr);
 
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -700,6 +700,19 @@ class TestValueFlow : public TestFixture {
                 "};\n";
         lifetimes = lifetimeValues(code, "=");
         ASSERT_EQUALS(true, lifetimes.empty());
+
+        code  = "struct T {\n" // #10838
+                "     void f();\n"
+                "     double d[4][4];\n"
+                "};\n"
+                "void T::f() {\n"
+                "    auto g = [this]() -> double(&)[4] {\n"
+                "        double(&q)[4] = d[0];\n"
+                "        return q;\n"
+                "    };\n"
+                "}\n";
+        lifetimes = lifetimeValues(code, "return"); // don't crash
+        ASSERT_EQUALS(true, lifetimes.empty());
     }
 
     void valueFlowArrayElement() {
