Test branch

[bugdiff[bot]]

<!DOCTYPE html>

Bug Summary

File:	test.c
Location:	line 34, column 12
Description:	Dereference of null pointer (loaded from variable 'p3')

Annotated Source Code

1	#include <stdio.h>
2	#include <string.h>
3	#include "helper.h"
4
5
6	// Dereference pointer without checking if NULL
7	int helper2(int* p) {
8	printf("wow\n");
9	return *p + 4;
10	}
11
12	int main(int argc, char* argv[]) {
13	int num1 = 15;
14	int num2 = 20;
15
16	int* p1 = &num1;
17	int* p2 = &num2;
18
19	if (argc >= 2 && strcmp(argv[1], "wow") == 0) {
	1 Assuming 'argc' is < 2 →
20	p1 = NULL((void*)0);
21	}
22
23	if (argc >= 2 && strcmp(argv[1], "test") == 0) {
24	p2 = NULL((void*)0);
25	}
26
27	printf("amazing\n");
28
29	printf("num1 + 4 is %d\n", helper2(p1));
30	printf("num2 - 5 is %d\n", *p2);
31
32	int* p3 = NULL((void*)0);
	2 ← 'p3' initialized to a null pointer value →
33
34	return *p3;
	3 ← Dereference of null pointer (loaded from variable 'p3')
35	}

[bugdiff[bot]]

<!DOCTYPE html>

Bug Summary

File:	test.c
Location:	line 30, column 32
Description:	Dereference of null pointer (loaded from variable 'p2')

Annotated Source Code

1	#include <stdio.h>
2	#include <string.h>
3	#include "helper.h"
4
5
6	// Dereference pointer without checking if NULL
7	int helper2(int* p) {
8	printf("wow\n");
9	return *p + 4;
10	}
11
12	int main(int argc, char* argv[]) {
13	int num1 = 15;
14	int num2 = 20;
15
16	int* p1 = &num1;
17	int* p2 = &num2;
18
19	if (argc >= 2 && strcmp(argv[1], "wow") == 0) {
	1 Assuming 'argc' is >= 2 →
	2 ← Taking false branch →
20	p1 = NULL((void*)0);
21	}
22
23	if (argc >= 2 && strcmp(argv[1], "test") == 0) {
	3 ← Taking true branch →
24	p2 = NULL((void*)0);
	4 ← Null pointer value stored to 'p2' →
25	}
26
27	printf("amazing\n");
28
29	printf("num1 + 4 is %d\n", helper2(p1));
30	printf("num2 - 5 is %d\n", *p2);
	5 ← Dereference of null pointer (loaded from variable 'p2')
31
32	int* p3 = NULL((void*)0);
33
34	return *p3;
35	}