<html>
    <head>
      <base href="http://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - False positive null pointer dereference, comparison against pointer that can be null in loop"
   href="http://llvm.org/bugs/show_bug.cgi?id=18388">18388</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>False positive null pointer dereference, comparison against pointer that can be null in loop
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>kremenek@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>daniel.marjamaki@evidente.se
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvmbugs@cs.uiuc.edu
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>CLANG revision: 198553.

Reduced example code:

struct Token {
    Token *next() const;
    Token *linkAt(int) const;
    static bool Match(const Token *tok, const char pattern[], unsigned int
varId=0);
    char *str;
};

struct Variable { const Token *nameToken() const; };

void CheckStlIterators(const Variable *var, unsigned int iteratorId)
{
    const Token* validatingToken = 0;

    for (const Token *tok2 = var->nameToken(); tok2 != var->nameToken(); tok2 =
tok2->next()) {
        if (Token::Match(tok2, "%varid% = %var% . erase (", iteratorId))
            validatingToken = tok2->linkAt(5);
        if (tok2 == validatingToken) {}
        if (tok2->str) {}
    }
}



As far as I see (from my experience reducing the code), the false positive is
written because tok2 is compared against validatingToken in the loop which can
be NULL. However the validatingToken is NULL by intention when it is
"disabled". It is set to a non-NULL value in the loop when it is activated.

Original source code:
<a href="https://github.com/danmar/cppcheck/blob/1b0dd00/lib/checkstl.cpp#L67">https://github.com/danmar/cppcheck/blob/1b0dd00/lib/checkstl.cpp#L67</a></pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>