False positive: [nullPointer] in conditional expression

[Jo]

I have a perfectly valid piece of C code, stripped down from a real-world example which gets a false positive nullPointer warning from cppcheck 2.1. File t.c is attached.

The cppcheck result is this:

# cppcheck --enable=all t.c
Checking t.c ...
t.c:7:15: style: Condition '!*(&sPtr)' is always true [knownConditionTrueFalse]
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
              ^
t.c:7:18: note: Address of variable taken here.
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
                 ^
t.c:6:29: note: Assignment 'sPtr=NULL', assigned value is 0
    struct myStruct* sPtr = NULL;
                            ^
t.c:7:15: note: Condition '!*(&sPtr)' is always true
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
              ^
t.c:7:30: error: Null pointer dereference: *(&sPtr) [nullPointer]
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
                             ^
t.c:7:32: note: Address of variable taken here.
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
                               ^
t.c:6:29: note: Assignment 'sPtr=NULL', assigned value is 0
    struct myStruct* sPtr = NULL;
                            ^
t.c:7:30: note: Null pointer dereference
    int sz = (!*(&sPtr) || ((*(&sPtr))->entry[0] > 15)) ?
                             ^
nofile:0:0: information: Cppcheck cannot find all the include files (use --check-config for details) [missingIncludeSystem]

The bug is: although cppcheck realizes that the first term in the boolean expression is always true (and hence could ignore the 2nd term), it still checks the 2nd term and finds a null pointer dereference.

I'd appreciate if someone could verify this and file a bug report for me in Trac.
Thanks,
-Jochen

[Daniel Marjamäki]

Thanks! I can reproduce with git head. I created ticket https://trac.cppcheck.net/ticket/9807