Geoffrey1014/SA_Bugs

GCC -Wanalyzer-null-dereference false negative with `*p = 42`


date: 2023-1-23
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

/* Analyzer-only hook: prints how -fanalyzer evaluates its argument (TRUE/FALSE/UNKNOWN). */
void __analyzer_eval();

int f()
{
    int b[1] = {0};
    int *c = &b[0];
    if (c == &b[0])
    {
        int *p = (int *)0;  /* null pointer; dereferencing it below is the expected NPD */

        /* At run time this is TRUE (c == &b[0] on this path), but the analyzer reports FALSE. */
        __analyzer_eval(((c) + 1) == ((&b[0]) + 1));
        if (((c) + 1) == ((&b[0]) + 1))
        {
            *p = 42;  /* reachable null dereference, not reported */
        }

        /* Same pattern with offset 2: also TRUE at run time, evaluated FALSE by the analyzer. */
        __analyzer_eval(((c) + 2) == ((&b[0]) + 2));
        if (((c) + 2) == ((&b[0]) + 2))
        {
            *p = 42;  /* reachable null dereference, not reported */
        }
    }
    return 0;
}

report:
fix:
original:

Under the dynamic execution of this case, the results of __analyzer_eval(((c) + 1) == ((&b[0]) + 1)) and __analyzer_eval(((c) + 2) == ((&b[0]) + 2)) are TRUE. However, the analyzer gives FALSE, which causes the analyzer not to generate an NPD warning. See it live: https://godbolt.org/z/E4666Ger1

duplicate of #55