Fix #14005 FP: returnDanglingLifetime while returning reference to struct field

web-flow · web-flow · commit 9778fd22cba8 · 2025-07-10T22:13:35.000+02:00
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -15,7 +15,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-
+#include <iostream>
 /**
  * @brief This is the ValueFlow component in Cppcheck.
  *
@@ -3119,6 +3119,14 @@ static void valueFlowLifetime(TokenList &tokenlist, ErrorLogger &errorLogger, co
         else if (tok->isUnaryOp("&")) {
             if (Token::simpleMatch(tok->astParent(), "*"))
                 continue;
+            if (Token::simpleMatch(tok->astOperand1(), "[")) {
+                const Token* const op1 = tok->astOperand1()->astOperand1();
+                const Token* tok2 = op1;
+                while (Token::simpleMatch(tok2, "."))
+                    tok2 = tok2->astOperand2();
+                if (tok2 && tok2 != op1 && (!tok2->variable() || !tok2->variable()->isArray()))
+                    continue;
+            }
             for (const ValueFlow::LifetimeToken& lt : ValueFlow::getLifetimeTokens(tok->astOperand1(), settings)) {
                 if (!settings.certainty.isEnabled(Certainty::inconclusive) && lt.inconclusive)
                     continue;
diff --git a/test/testautovariables.cpp b/test/testautovariables.cpp
@@ -78,6 +78,7 @@ class TestAutoVariables : public TestFixture {
         TEST_CASE(testautovar_return3);
         TEST_CASE(testautovar_return4);
         TEST_CASE(testautovar_return5);
+        TEST_CASE(testautovar_return6);
         TEST_CASE(testautovar_extern);
         TEST_CASE(testautovar_reassigned);
         TEST_CASE(testinvaliddealloc);
@@ -624,6 +625,17 @@ class TestAutoVariables : public TestFixture {
         ASSERT_EQUALS("", errout_str());
     }
 
+    void testautovar_return6() { // #14005
+        check("struct S;\n"
+              "struct S { const struct S *s; };\n"
+              "extern struct T factory();\n"
+              "const struct S* f() {\n"
+              "    struct T t = factory();\n"
+              "    return &t.s[0];\n"
+              "}\n");
+        ASSERT_EQUALS("", errout_str());
+    }
+
     void testautovar_extern() {
         check("struct foo *f()\n"
               "{\n"
