Static analyzer: Null pointer dereference
AnaLGiN83 opened this issue · 2 comments
Hello!
The Svace static analyzer warning seems possible to me, so please confirm or disprove the nullptr dereference possibility.
Static analyzer report:
After having been compared to a NULL value at pugixml.cpp:2390,
pointer 'dest' is passed as 1st parameter in call to function
'pugi::impl::(anonymous namespace)::xml_allocator::deallocate_string' at pugixml.cpp:2413,
where it is dereferenced at pugixml.cpp:686.
Line 2413 in c2c61a5
dest can never be null in this branch because source_length == 0 implicitly checks for that condition. Unsure if your static analyzer processes assertions, adding assert(dest || source_length == 0); to the top of the function may help silence this.
Sorry, I'm not reading the code right :) The fact that dest is not null is guaranteed by the bit check in the quoted line, the header always has a bit set if the string is allocated (which implies it's not null). So it's still a false positive, just not for the reason I mentioned.
Thanks for the explanation!
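The invariant described in the maintainer's second reply (the header bit is set only while the string is allocated, so the pointer is non-null whenever the bit is set), shown as an added example that is not part of the original thread and is not pugixml's code. It is a simplified model: `Node`, `ALLOCATED_MASK`, `set_value`, `invariant_holds` and `g_frees` are hypothetical names, and the invariant is stated as an assertion at the dereference site so that reviewers and assertion-aware analyzers can see it.

```cpp
// Simplified model of a flag-guarded deallocation (hypothetical names, not pugixml's code).
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <cstring>

static const std::uintptr_t ALLOCATED_MASK = 0x1; // assumed header bit for this model

struct Node {
    std::uintptr_t header = 0; // bit is set only while `value` owns heap memory
    char* value = nullptr;
};
static int g_frees = 0; // counts deallocations so callers can observe them

// Dereferences its argument, so every caller must guarantee it is non-null.
static void deallocate_string(char* s) {
    assert(s && "allocated bit set implies non-null string");
    s[0] = '\0';
    std::free(s);
    ++g_frees;
}

// Maintains the invariant: (header & ALLOCATED_MASK) != 0  implies  value != nullptr.
bool set_value(Node& n, const char* src, std::size_t len) {
    if (len == 0) {
        // `value` may be null on this path; only the header bit decides whether to free.
        if (n.header & ALLOCATED_MASK) deallocate_string(n.value);
        n.value = nullptr;
        n.header &= ~ALLOCATED_MASK;
        return true;
    }
    char* buf = static_cast<char*>(std::malloc(len + 1));
    if (!buf) return false; // node left unchanged, invariant intact
    std::memcpy(buf, src, len);
    buf[len] = '\0';
    if (n.header & ALLOCATED_MASK) deallocate_string(n.value);
    n.value = buf;
    n.header |= ALLOCATED_MASK;
    return true;
}

bool invariant_holds(const Node& n) {
    return !(n.header & ALLOCATED_MASK) || n.value != nullptr;
}

int main() {
    Node n;
    return set_value(n, "abc", 3) && set_value(n, nullptr, 0) && invariant_holds(n) ? 0 : 1;
}
```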