Fix #10902 / #13560 FN danglingLifetime (stack address stored in static variable) (danmar#7225)

chrchr-github · web-flow · commit 74da6552c756 · 2025-01-16T10:41:35.000+01:00
diff --git a/lib/checkautovariables.cpp b/lib/checkautovariables.cpp
@@ -645,14 +645,14 @@ void CheckAutoVariables::checkVarLifetimeScope(const Token * start, const Token
                     const Token* nextTok = nextAfterAstRightmostLeaf(tok->astTop());
                     if (!nextTok)
                         nextTok = tok->next();
-                    if (var && !var->isLocal() && !var->isArgument() && !(val.tokvalue && val.tokvalue->variable() && val.tokvalue->variable()->isStatic()) &&
+                    if (var && (!var->isLocal() || var->isStatic()) && !var->isArgument() && !(val.tokvalue && val.tokvalue->variable() && val.tokvalue->variable()->isStatic()) &&
                         !isVariableChanged(nextTok,
                                            tok->scope()->bodyEnd,
                                            var->valueType() ? var->valueType()->pointer : 0,
                                            var->declarationId(),
                                            var->isGlobal(),
                                            *mSettings)) {
-                        errorDanglngLifetime(tok2, &val);
+                        errorDanglngLifetime(tok2, &val, var->isLocal());
                         break;
                     }
                 }
@@ -722,12 +722,13 @@ void CheckAutoVariables::errorDanglingTemporaryLifetime(const Token* tok, const
                 inconclusive ? Certainty::inconclusive : Certainty::normal);
 }
 
-void CheckAutoVariables::errorDanglngLifetime(const Token *tok, const ValueFlow::Value *val)
+void CheckAutoVariables::errorDanglngLifetime(const Token *tok, const ValueFlow::Value *val, bool isStatic)
 {
     const bool inconclusive = val ? val->isInconclusive() : false;
     ErrorPath errorPath = val ? val->errorPath : ErrorPath();
     std::string tokName = tok ? tok->expressionString() : "x";
-    std::string msg = "Non-local variable '" + tokName + "' will use " + lifetimeMessage(tok, val, errorPath);
+    std::string msg = isStatic ? "Static" : "Non-local";
+    msg += " variable '" + tokName + "' will use " + lifetimeMessage(tok, val, errorPath);
     errorPath.emplace_back(tok, "");
     reportError(errorPath, Severity::error, "danglingLifetime", msg + ".", CWE562, inconclusive ? Certainty::inconclusive : Certainty::normal);
 }
diff --git a/lib/checkautovariables.h b/lib/checkautovariables.h
@@ -75,7 +75,7 @@ class CPPCHECKLIB CheckAutoVariables : public Check {
     void errorAutoVariableAssignment(const Token *tok, bool inconclusive);
     void errorReturnDanglingLifetime(const Token *tok, const ValueFlow::Value* val);
     void errorInvalidLifetime(const Token *tok, const ValueFlow::Value* val);
-    void errorDanglngLifetime(const Token *tok, const ValueFlow::Value *val);
+    void errorDanglngLifetime(const Token *tok, const ValueFlow::Value *val, bool isStatic = false);
     void errorDanglingTemporaryLifetime(const Token* tok, const ValueFlow::Value* val, const Token* tempTok);
     void errorReturnReference(const Token* tok, ErrorPath errorPath, bool inconclusive);
     void errorDanglingReference(const Token *tok, const Variable *var, ErrorPath errorPath);
diff --git a/test/testautovariables.cpp b/test/testautovariables.cpp
@@ -3449,6 +3449,25 @@ class TestAutoVariables : public TestFixture {
               "    std::vector<int*> v;\n"
               "};\n");
         ASSERT_EQUALS("", errout_str());
+
+        // #13560
+        check("void f() {\n"
+              "    int a[] = { 1 };\n"
+              "    static int* p = nullptr;\n"
+              "    if (!p) {\n"
+              "        p = &a[0];\n"
+              "    }\n"
+              "    *p = 0;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:5] -> [test.cpp:2] -> [test.cpp:7]: (error) Static variable 'p' will use pointer to local variable 'a'.\n", errout_str());
+
+        // #10902
+        check("void f() {\n"
+              "    static int* x;\n"
+              "    int y;\n"
+              "    x = &y;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4] -> [test.cpp:3] -> [test.cpp:4]: (error) Static variable 'x' will use pointer to local variable 'y'.\n", errout_str());
     }
 
     void danglingLifetimeFunction() {
