cppcheck / Discussion / Development: Crash with --enable=unusedFunction

Hi,

Cppcheck 2.7 is crashing when I run it on one of my source code files. I've managed to create a minimum example of the crash and how it can be workarounded. The crash was originally seen using boost sml.

I'm using the following command line to run cppcheck:

cppcheck cppfail.cpp --std=c++17 --enable=unusedFunction

Original file: https://godbolt.org/z/f5aKc43hG (compiles but crashes cppcheck):

#include <optional>
#include <boost/sml.hpp>

struct e1 {
};

struct s1 {
};

struct A {
    auto operator()() const
    {
        using namespace boost::sml;
        return make_transition_table(*state<s1> + event<e1> = X);
    }
};

std::optional<boost::sml::sm<A>> sm;

int main()
{
    sm.reset();
}

Interestingly enough, it won't crash if the sm variable is renamed to anything else.

I'll use the type foo::bar<T> from the fictitious foo/bar.hpplibrary from here. The following snippets won't compile, then.

Crashes:

#include <optional>
#include <foo/bar.hpp>

struct A {
};

std::optional<foo::bar<A>> bar;

Does not crash (not using std::optional):

#include <foo/bar.hpp>

struct A {
};

template <typename T>
struct optional {
};

optional<foo::bar<A>> bar;

Does not crash either (rename of bar):

#include <optional>
#include <foo/bar.hpp>

struct A {
};

std::optional<foo::bar<A>> name_other_than_bar;

Backtrace at the moment of the crash (run on Ubuntu 22.04 cppcheck version 2.7-1):

#0  0x00005555557d7fcb in Token::linkAt(int) const ()
#1  0x00005555556d55ae in CheckUnusedFunctions::parseTokens(Tokenizer const&, char const*, Settings const*) ()
#2  0x00005555556d5c44 in CheckUnusedFunctions::getFileInfo(Tokenizer const*, Settings const*) const ()
#3  0x00005555556fe435 in CppCheck::checkNormalTokens(Tokenizer const&) ()
#4  0x0000555555703ed9 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ()
#5  0x00005555556fb51f in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
#6  0x00005555555f20d6 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ()
#7  0x00005555555f256c in CppCheckExecutor::check(int, char const* const*) ()
#8  0x00005555555dd702 in main ()

PS: ftok->link() is returning nullptr here, with the following change the crash does not happen. There must be something happening in an unexpected way before this point, though.

diff --git a/lib/checkunusedfunctions.cpp b/lib/checkunusedfunctions.cpp
index e8cc100f3..ceba8960e 100644
--- a/lib/checkunusedfunctions.cpp
+++ b/lib/checkunusedfunctions.cpp
@@ -234,7 +234,7 @@ void CheckUnusedFunctions::parseTokens(const Tokenizer &tokenizer, const char Fi
             const Token *ftok = funcname->next();
             if (ftok->str() == "<")
                 ftok = ftok->link();
-            if (Token::Match(ftok->linkAt(1), ") const|throw|{"))
+            if (!ftok || Token::Match(ftok->linkAt(1), ") const|throw|{"))
                 funcname = nullptr;
         }

Thanks in advance.

👍

Crash with --enable=unusedFunction

Static source code analysis tool for C and C++ code

Forums

Help

Crash with --enable=unusedFunction

Crash with --enable=unusedFunction

Static source code analysis tool for C and C++ code

Forums

Help

Crash with --enable=unusedFunction document.SUBSCRIPTION_OPTIONS = { "thing": "topic", "subscribed": false, "url": "subscribe", "icon": { "css": "fa fa-envelope-o" } };

Crash with --enable=unusedFunction