From 6c5d17b166903de8309967145b6215909bcbb8b0 Mon Sep 17 00:00:00 2001 From: Francois Berder Date: Fri, 26 Dec 2025 12:59:36 +0100 Subject: [PATCH 1/3] Fix #8260 Improve check: Pointer calculation result not null Signed-off-by: Francois Berder --- lib/checkcondition.cpp | 30 +++++++++++++++++++++++++++--- test/testcondition.cpp | 14 +++++++++++++- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/lib/checkcondition.cpp b/lib/checkcondition.cpp index 5f35f443cbf..d269b979314 100644 --- a/lib/checkcondition.cpp +++ b/lib/checkcondition.cpp @@ -1782,15 +1782,39 @@ void CheckCondition::checkPointerAdditionResultNotNull() if (tok->isExpandedMacro()) continue; - const Token *calcToken, *exprToken; + const Token *calcToken = NULL, *exprToken = NULL; if (tok->astOperand1()->str() == "+") { calcToken = tok->astOperand1(); exprToken = tok->astOperand2(); } else if (tok->astOperand2()->str() == "+") { calcToken = tok->astOperand2(); exprToken = tok->astOperand1(); - } else - continue; + } else { + const Token *pointerToken = NULL; + if (tok->astOperand1()->variable() && tok->astOperand1()->variable()->isPointer()) + pointerToken = tok->astOperand1(); + else if (tok->astOperand2()->variable() && tok->astOperand2()->variable()->isPointer()) + pointerToken = tok->astOperand2(); + + if (!pointerToken) + continue; + + const std::list &tokenValues = pointerToken->values(); + for (const ValueFlow::Value &val : tokenValues) { + if (val.isSymbolicValue()) { + if (val.tokvalue->str() == "+") { + calcToken = val.tokvalue; + if (pointerToken == tok->astOperand1()) + exprToken = tok->astOperand2(); + else + exprToken = tok->astOperand1(); + break; + } + } + } + if (!calcToken || !exprToken) + continue; + } // pointer comparison against NULL (ptr+12==0) if (calcToken->hasKnownIntValue()) diff --git a/test/testcondition.cpp b/test/testcondition.cpp index ffeca5c5be7..4d2bfbad400 100644 --- a/test/testcondition.cpp +++ b/test/testcondition.cpp 
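Review bot: The new loop over `pointerToken->values()` takes the first symbolic value whose `tokvalue` is a `+` without checking `val.isKnown()` or `val.intvalue`, so a value that holds only on some paths, or one carrying a non-zero offset from the expression, would still be reported as "Result of 'p+1' can't be 0". A developer acting on that warning may delete the null test, so a false positive here can remove a guard that is actually needed. I would tighten the condition to `if (val.isSymbolicValue() && val.isKnown() && val.intvalue == 0 && val.tokvalue->str() == "+")`. Whether ValueFlow attaches such possible or offset values at this point is not visible in the hunk, so it is worth confirming with a test. The body of checkPointerAdditionResultNotNull continues outside the hunk.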
@@ -6026,7 +6026,19 @@ class TestCondition : public TestFixture { " if (ptr + 1 != 0);\n" "}"); ASSERT_EQUALS("[test.cpp:2:15]: (warning) Comparison is wrong. Result of 'ptr+1' can't be 0 unless there is pointer overflow, and pointer overflow is undefined behaviour. [pointerAdditionResultNotNull]\n", errout_str()); - } + + // #8260 + check("void f(int *p) {\n" + " int * q = p + 1;\n" + " if (q != 0);\n" + "}"); + ASSERT_EQUALS("[test.cpp:3:9]: (warning) Comparison is wrong. Result of 'p+1' can't be 0 unless there is pointer overflow, and pointer overflow is undefined behaviour. [pointerAdditionResultNotNull]\n", errout_str()); + check("void f(int *p) {\n" + " int * q = p + 1;\n" + " if (0 != q);\n" + "}"); + ASSERT_EQUALS("[test.cpp:3:9]: (warning) Comparison is wrong. Result of 'p+1' can't be 0 unless there is pointer overflow, and pointer overflow is undefined behaviour. [pointerAdditionResultNotNull]\n", errout_str()); + } void duplicateConditionalAssign() { setMultiline(); From a455bb24a6ac21c451cfdf5d070dde4aadb16e1e Mon Sep 17 00:00:00 2001 From: Francois Berder Date: Fri, 26 Dec 2025 18:31:09 +0100 Subject: [PATCH 2/3] fixup! Fix #8260 Improve check: Pointer calculation result not null --- test/testcondition.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/testcondition.cpp b/test/testcondition.cpp index 4d2bfbad400..aa169c01c55 100644 --- a/test/testcondition.cpp +++ b/test/testcondition.cpp @@ -6038,7 +6038,7 @@ class TestCondition : public TestFixture { " if (0 != q);\n" "}"); ASSERT_EQUALS("[test.cpp:3:9]: (warning) Comparison is wrong. Result of 'p+1' can't be 0 unless there is pointer overflow, and pointer overflow is undefined behaviour. [pointerAdditionResultNotNull]\n", errout_str()); - } + } void duplicateConditionalAssign() { setMultiline(); From 4b1135dc7682c44a2fa2c43d059b85093bb358d0 Mon Sep 17 00:00:00 2001 
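Review bot: Both added #8260 cases expect the warning and differ only in operand order, so nothing pins when the new symbolic-value path must stay silent. I would add a case where `q` receives `p + 1` on only one branch (for example `int *q = 0; if (c) q = p + 1;`) before `if (q != 0);`, and one where `q` is reassigned from another pointer after the addition, each ending with `ASSERT_EQUALS("", errout_str());`. The enclosing test method starts outside the hunk.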
From: Francois Berder Date: Fri, 26 Dec 2025 19:22:26 +0100 Subject: [PATCH 3/3] fixup! fixup! Fix #8260 Improve check: Pointer calculation result not null --- lib/checkcondition.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/checkcondition.cpp b/lib/checkcondition.cpp index d269b979314..ccc87d9364a 100644 --- a/lib/checkcondition.cpp +++ b/lib/checkcondition.cpp @@ -1782,7 +1782,7 @@ void CheckCondition::checkPointerAdditionResultNotNull() if (tok->isExpandedMacro()) continue; - const Token *calcToken = NULL, *exprToken = NULL; + const Token *calcToken = nullptr, *exprToken = nullptr; if (tok->astOperand1()->str() == "+") { calcToken = tok->astOperand1(); exprToken = tok->astOperand2(); @@ -1790,7 +1790,7 @@ void CheckCondition::checkPointerAdditionResultNotNull() calcToken = tok->astOperand2(); exprToken = tok->astOperand1(); } else { - const Token *pointerToken = NULL; + const Token *pointerToken = nullptr; if (tok->astOperand1()->variable() && tok->astOperand1()->variable()->isPointer()) pointerToken = tok->astOperand1(); else if (tok->astOperand2()->variable() && tok->astOperand2()->variable()->isPointer())