Fix #12861 Hang in valueFlowCondition() with huge array

clock999 · clock999 · commit e190ffa715b1 · 2025-08-21T06:52:25.000+08:00
diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp
@@ -610,7 +610,7 @@ namespace {
                     // In the middle of a loop structure so bail
                     return Break(Analyzer::Terminate::Bail);
                 } else if (tok->str() == ";" && tok->astParent()) {
-                    Token* top = tok->astTop();
+                    Token* top = tok->astFinalTop();
                     if (Token::Match(top->previous(), "for|while (") && Token::simpleMatch(top->link(), ") {")) {
                         Token* endCond = top->link();
                         Token* endBlock = endCond->linkAt(1);
diff --git a/lib/reverseanalyzer.cpp b/lib/reverseanalyzer.cpp
@@ -295,7 +295,7 @@ namespace {
                     if (!condTok)
                         break;
                     Analyzer::Action condAction = analyzeRecursive(condTok);
-                    const bool inLoop = Token::Match(condTok->astTop()->previous(), "for|while (");
+                    const bool inLoop = Token::Match(condTok->astFinalTop()->previous(), "for|while (");
                     // Evaluate condition of for and while loops first
                     if (inLoop) {
                         if (Token::findmatch(tok->link(), "goto|break", tok))
diff --git a/lib/token.h b/lib/token.h
@@ -88,6 +88,7 @@ struct TokenImpl {
     Token* mAstOperand1{};
     Token* mAstOperand2{};
     Token* mAstParent{};
+    Token* mAstTop{};
 
     // symbol database information
     const Scope* mScope{};
@@ -1545,6 +1546,32 @@ class CPPCHECKLIB Token {
         return ret;
     }
 
+    RET_NONNULL Token *astFinalTop() {
+        Token *ret = this;
+        if (mImpl->mAstTop) {
+            return mImpl->mAstTop;
+        }
+        while (ret->mImpl->mAstParent)
+            ret = ret->mImpl->mAstParent;
+        if (mImpl->mAstParent) {
+            mImpl->mAstTop = ret;
+        }
+        return ret;
+    }
+
+    RET_NONNULL const Token *astFinalTop() const {
+        const Token *ret = this;
+        if (ret->mImpl->mAstTop) {
+            return ret->mImpl->mAstTop;
+        }
+        while (ret->mImpl->mAstParent)
+            ret = ret->mImpl->mAstParent;
+        if (mImpl->mAstParent) {
+            mImpl->mAstTop = const_cast<Token *>(ret);
+        }
+        return ret;
+    }
+
     std::pair<const Token *, const Token *> findExpressionStartEndTokens() const;
 
     /**
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -4598,7 +4598,7 @@ struct ConditionHandler {
                 if (Token::Match(tok, ":|;|,"))
                     continue;
 
-                const Token* top = tok->astTop();
+                const Token* top = tok->astFinalTop();
 
                 if (!Token::Match(top->previous(), "if|while|for (") && !Token::Match(tok->astParent(), "&&|%oror%|?|!"))
                     continue;
@@ -4632,7 +4632,7 @@ struct ConditionHandler {
             if (tok->hasKnownIntValue())
                 return;
 
-            Token* top = tok->astTop();
+            Token* top = tok->astFinalTop();
 
             if (Token::Match(top, "%assign%"))
                 return;
@@ -4851,7 +4851,7 @@ struct ConditionHandler {
                 }
             }
 
-            Token* top = condTok->astTop();
+            Token* top = condTok->astFinalTop();
 
             if (top->previous()->isExpandedMacro()) {
                 for (std::list<ValueFlow::Value>* values : {&thenValues, &elseValues}) {
@@ -5413,7 +5413,7 @@ static void valueFlowForLoopSimplify(Token* const bodyStart,
         }
 
         if (Token::Match(tok2, "%oror%|&&")) {
-            const ProgramMemory programMemory(getProgramMemory(tok2->astTop(), expr, ValueFlow::Value(value), settings));
+            const ProgramMemory programMemory(getProgramMemory(tok2->astFinalTop(), expr, ValueFlow::Value(value), settings));
             if ((tok2->str() == "&&" && !conditionIsTrue(tok2->astOperand1(), programMemory, settings)) ||
                 (tok2->str() == "||" && !conditionIsFalse(tok2->astOperand1(), programMemory, settings))) {
                 // Skip second expression..
@@ -5438,11 +5438,11 @@ static void valueFlowForLoopSimplify(Token* const bodyStart,
 
         if ((tok2->str() == "&&" &&
              conditionIsFalse(tok2->astOperand1(),
-                              getProgramMemory(tok2->astTop(), expr, ValueFlow::Value(value), settings),
+                              getProgramMemory(tok2->astFinalTop(), expr, ValueFlow::Value(value), settings),
                               settings)) ||
             (tok2->str() == "||" &&
              conditionIsTrue(tok2->astOperand1(),
-                             getProgramMemory(tok2->astTop(), expr, ValueFlow::Value(value), settings),
+                             getProgramMemory(tok2->astFinalTop(), expr, ValueFlow::Value(value), settings),
                              settings)))
             break;
 
@@ -6797,7 +6797,7 @@ static void valueFlowContainerSize(const TokenList& tokenlist,
                 !Token::Match(nameToken, "%name% ("))
                 continue;
         }
-        if (Token::Match(nameToken->astTop()->previous(), "for|while"))
+        if (Token::Match(nameToken->astFinalTop()->previous(), "for|while"))
             known = !isVariableChanged(var, settings);
         std::vector<ValueFlow::Value> values{ValueFlow::Value{size}};
         values.back().valueType = ValueFlow::Value::ValueType::CONTAINER_SIZE;
