Following is an example of a fairly simple uninitialized variable error that cppcheck misses. clang (scan-build) catches this.
I assume cppcheck is overlooking the fact that operations in a logical OR may not get executed. -John
```
$ cat hello_buggy_world.c
#include <stdio.h>
#include <string.h>
#include <malloc.h>

int main()
{
    char *hello, *world;

    if (!(hello = malloc(10)) || !(world = malloc(10))) {
        free(hello);
        free(world);
        return 0;
    }

    strncpy(hello, "Hello", 10);
    strncpy(world, "World", 10);
    printf("%s %s!\n", hello, world);

    free(hello);
    free(world);
    return 0;
}
$
$
$ cppcheck --force --error-exitcode=1 --enable=warning hello_buggy_world.c && gcc -O0 -o hello_buggy_world hello_buggy_world.c
Checking hello_buggy_world.c ...
$
$
$ scan-build gcc -O0 -o hello_buggy_world hello_buggy_world.c
scan-build: Using '/usr/bin/clang' for static analysis
hello_buggy_world.c:11:9: warning: Function call argument is an uninitialized value
        free(world);
        ^~~~~~~~~~~
1 warning generated.
scan-build: 1 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-2019-04-08-144502-27844-1' to examine bug reports.
```
Thanks. I created this trac ticket: https://trac.cppcheck.net/ticket/9116
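Added example, not part of the original thread and not cppcheck or clang code: the program from the post with both pointers initialised to NULL, so the cleanup stays well-defined when `||` short-circuits and `world` is never assigned. The allocator hook (`alloc_fn`, `failing_alloc`, `greet_with_failures`) is a hypothetical helper added only to exercise each failure path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure paths can be exercised. */
typedef void *(*alloc_fn)(size_t);

static int calls_left; /* constructed: allocations allowed before failure */

static void *failing_alloc(size_t n)
{
    return (calls_left-- > 0) ? malloc(n) : NULL;
}

/* Returns 0 on success, -1 if either allocation fails. */
int greet(alloc_fn alloc, char *out, size_t outlen)
{
    /* If the first alloc fails, || short-circuits and `world` is never
       assigned, so both pointers must hold a defined value up front. */
    char *hello = NULL, *world = NULL;
    int rc = -1;

    if (!(hello = alloc(10)) || !(world = alloc(10)))
        goto out;

    strncpy(hello, "Hello", 10); /* 5 chars + NUL padding fits in 10 */
    strncpy(world, "World", 10);
    snprintf(out, outlen, "%s %s!", hello, world);
    rc = 0;
out:
    free(hello); /* free(NULL) is a no-op, so every path is safe */
    free(world);
    return rc;
}

/* Run greet() with only `allowed` successful allocations. */
int greet_with_failures(int allowed, char *out, size_t outlen)
{
    calls_left = allowed;
    return greet(failing_alloc, out, outlen);
}

int main(void)
{
    char buf[32];
    for (int allowed = 0; allowed <= 2; allowed++) {
        int rc = greet_with_failures(allowed, buf, sizeof buf);
        printf("allowed=%d rc=%d %s\n", allowed, rc, rc ? "(alloc failed)" : buf);
    }
    return 0;
}
```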