Fix issue 9842: ValueFlow: wrong handling of ?, seems to think that the whole expression is a condition (danmar#2821)

pfultz2 · web-flow · commit d9eacaecbbcb · 2020-09-23T07:45:03.000+02:00
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -2033,9 +2033,12 @@ static void valueFlowBeforeCondition(TokenList *tokenlist, SymbolDatabase *symbo
                        Token::Match(tok, "%oror%|&& %name% %oror%|&&|)")) {
                 vartok = tok->next();
                 num = 0;
-            } else if (Token::Match(tok, "[!?]") && Token::Match(tok->astOperand1(), "%name%")) {
+            } else if (Token::simpleMatch(tok, "!") && Token::Match(tok->astOperand1(), "%name%")) {
                 vartok = tok->astOperand1();
                 num = 0;
+            } else if (Token::simpleMatch(tok->astParent(), "?") && Token::Match(tok, "%name%")) {
+                vartok = tok;
+                num = 0;
             } else {
                 continue;
             }
@@ -2046,7 +2049,7 @@ static void valueFlowBeforeCondition(TokenList *tokenlist, SymbolDatabase *symbo
             if (varid == 0U || !var)
                 continue;
 
-            if (tok->str() == "?" && tok->isExpandedMacro()) {
+            if (Token::simpleMatch(tok->astParent(), "?") && tok->astParent()->isExpandedMacro()) {
                 if (settings->debugwarnings)
                     bailout(tokenlist, errorLogger, tok, "variable " + var->name() + ", condition is defined in macro");
                 continue;
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
@@ -100,6 +100,7 @@ class TestNullPointer : public TestFixture {
         TEST_CASE(nullpointer57); // #9751
         TEST_CASE(nullpointer58); // #9807
         TEST_CASE(nullpointer59); // #9897
+        TEST_CASE(nullpointer60); // #9842
         TEST_CASE(nullpointer_addressOf); // address of
         TEST_CASE(nullpointerSwitch); // #2626
         TEST_CASE(nullpointer_cast); // #4692
@@ -1878,6 +1879,19 @@ class TestNullPointer : public TestFixture {
         ASSERT_EQUALS("", errout.str());
     }
 
+    void nullpointer60() {
+        check("void f(){\n"
+              "    char uuid[128];\n"
+              "    char *s1;\n"
+              "    memset(uuid, 0, sizeof(uuid));\n"
+              "    s1 = strchr(uuid, '=');\n"
+              "    s1 = s1 ? s1 + 1 : &uuid[5];\n"
+              "    if (!strcmp(\"00000000000000000000000000000000\", s1) )\n"
+              "        return;\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void nullpointer_addressOf() { // address of
         check("void f() {\n"
               "  struct X *x = 0;\n"
