Fix #13409 Crash in valueFlowUnknownFunctionReturn() (#7095)

danmar · Dec 11, 2024 · 8c2390e · 8c2390e
1 parent 9820403
commit 8c2390e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/library.cpp b/lib/library.cpp
@@ -1205,6 +1205,8 @@ const Library::AllocFunc* Library::getAllocFuncInfo(const Token *tok) const
 {
     while (Token::simpleMatch(tok, "::"))
         tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+    if (!tok)
+        return nullptr;
     const std::string funcname = getFunctionName(tok);
     return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mAlloc, funcname);
 }
@@ -1214,6 +1216,8 @@ const Library::AllocFunc* Library::getDeallocFuncInfo(const Token *tok) const
 {
     while (Token::simpleMatch(tok, "::"))
         tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+    if (!tok)
+        return nullptr;
     const std::string funcname = getFunctionName(tok);
     return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mDealloc, funcname);
 }
@@ -1223,6 +1227,8 @@ const Library::AllocFunc* Library::getReallocFuncInfo(const Token *tok) const
 {
     while (Token::simpleMatch(tok, "::"))
         tok = tok->astOperand2() ? tok->astOperand2() : tok->astOperand1();
+    if (!tok)
+        return nullptr;
     const std::string funcname = getFunctionName(tok);
     return isNotLibraryFunction(tok) && mData->mFunctions.find(funcname) != mData->mFunctions.end() ? nullptr : getAllocDealloc(mData->mRealloc, funcname);
 }

diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -137,6 +137,7 @@ class TestValueFlow : public TestFixture {
         TEST_CASE(valueFlowDynamicBufferSize);
 
         TEST_CASE(valueFlowSafeFunctionParameterValues);
+        TEST_CASE(valueFlowUnknownFunctionReturn);
         TEST_CASE(valueFlowUnknownFunctionReturnRand);
         TEST_CASE(valueFlowUnknownFunctionReturnMalloc);
 
@@ -7240,6 +7241,14 @@ class TestValueFlow : public TestFixture {
         ASSERT_EQUALS(100, values.back().intvalue);
     }
 
+    void valueFlowUnknownFunctionReturn() {
+        const char code[] = "template <typename T>\n" // #13409
+                            "struct S {\n"
+                            "    std::max_align_t T::* m;\n"
+                            "    S(std::max_align_t T::* p) : m(p) {}\n"
+                            "};\n";
+        (void)valueOfTok(code, ":"); // don't crash
+    }
 
     void valueFlowUnknownFunctionReturnRand() {
         const char *code;