C++: Fix implicit-this FP, uncovered non-funptr FP

Author: d10c

cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql

@@ -13,10 +13,10 @@ import semmle.code.cpp.commons.Exclusions
 
 /** Gets the sub-expression of 'e' with the earliest-starting Location */
 Expr normalizeExpr(Expr e) {
-  if exists(e.(Call).getQualifier())
+  if forex(Expr q | q = e.(Call).getQualifier() | not q instanceof ThisExpr)
   then result = normalizeExpr(e.(Call).getQualifier())
   else
-    if exists(e.(FieldAccess).getQualifier())
+    if forex(Expr q | q = e.(FieldAccess).getQualifier() | not q instanceof ThisExpr)
     then result = normalizeExpr(e.(FieldAccess).getQualifier())
     else
       if e.hasExplicitConversion()

cpp/ql/test/query-tests/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation/test.cpp

@@ -15,7 +15,24 @@ struct X {
 
 #define BAZ //printf
 
-int test(int i, int j, int (*foo)(int), int (*bar)(int, int))
+struct Foo {
+	int i;
+	int j;
+	virtual int foo(int) = 0;
+	virtual int bar(int, int) = 0;
+	int test(int (*baz)(int));
+
+	struct Tata {
+		struct Titi {
+			void tutu() {}
+			long toto() { return 42; }
+		} titi;
+	} *tata;
+
+	Tata::Titi **titi_ptr_ptr;
+};
+
+int Foo::test(int (*baz)(int))
 {
 	// Comma in simple if statement (prototypical example):
 
@@ -123,9 +140,13 @@ int test(int i, int j, int (*foo)(int), int (*bar)(int, int))
 
 	// LHS ends on same line RHS begins on:
 
-	int k = (foo(
+	int k1 = (foo(
+		i++
+	), j++); // GOOD? [FALSE POSITIVE]
+
+	int k2 = (baz(
 		i++
-	), j++); // GOOD?
+	), j++); // GOOD when it's a function-pointer call!?
 
 	// Weird cases:
 
@@ -135,17 +156,13 @@ int test(int i, int j, int (*foo)(int), int (*bar)(int, int))
 			? 1
 			: 2;
 
-	struct {
-		struct {
-			void tutu() {}
-			long toto() { return 42; }
-		} titi;
-	} *tata;
-
     int quux =
       (tata->titi.tutu(),
        foo(tata->titi.toto())); // GOOD
 
+	(*titi_ptr_ptr)->tutu(), // GOOD
+	(&i)[0] += (int)(*titi_ptr_ptr)->toto();
+
 	return quux;
 }