Static code analyzer warning

Question

Static code analyzer warning

wcout opened this issue 6 years ago · 10 comments

I've probed the clang analyzer on the code and it gives one warning. As the code is .. hm .. complex .. I can't judge if this is a valid one, so I simply show it here:

report.zip

wcout commented 6 years ago

Yes

Answer 1 · 2019-01-05T18:45:51.000Z

Seems like I broke the Clang analyzer! Yay…

[50] cannot be false right away, as ctbl equals at least 4 (and at most 256) at the start, see line 102.
code gets initialized with exactly ctbl zero values, starting at the address of code[0], and then gets appended 1 element each SP/MP iteration, until either its size (and the value of ctbl which drives that process) equals GIF_CLEN or it gets invalidated, see line 118.
prev never exceeds ctbl between lines 109 and 130, as prev equals 0 at the start and then gets its value from curr at each iteration, whereas curr exceeding ctbl terminates the function with the return value of –5 (see line 141), before prev ever gets a chance to become greater than ctbl.
when ctbl reaches GIF_CLEN and thus cannot further expand code, its corresponding mask prevents curr from becoming greater than GIF_CLEN – 1, see line 118.

Maybe it`s worth filing a bug to Clang analyzer…

[UPD:]

However, there is one case where prev might point to an uninitialized code element. This happens right after a table drop, so prev equals the table drop code, and ctbl equals the end-of-stream code. Both codes cannot be used as color codes, so the garbage contained there cannot be used to color anything.

But still, to be fully garbage-free, we just need to correct one line. Please change

    for (curr = ctbl++; curr; code[--curr] = 0); /** actual color codes **/

to

    for (curr = ++ctbl; curr; code[--curr] = 0); /** actual color codes **/

and see if that makes Clang analyzer happy.

Answer 2 · 2019-01-05T20:49:23.000Z

If it does, please also apply the analyzer to the latest commit, 0ed5be0, and see if it finds anything.

Answer 3 · 2019-01-06T06:26:41.000Z

It still gives the one same warning with the latest commit.

Answer 4 · 2019-01-06T06:41:58.000Z

Well, OK. Does it also complain if the loop goes as follows?

    for (curr = ++ctbl; curr; )
        code[--curr] = 0;

Answer 5 · 2019-01-06T07:00:40.000Z

Please show me the report.

Answer 6 · 2019-01-06T07:30:15.000Z

report2.zip

Answer 7 · 2019-01-06T07:36:50.000Z

Well, now that does seem like a bug in the analyzer.
The loop condition is now obviously true.

Answer 8 · 2019-01-06T07:50:12.000Z

May I close this ticket?

Answer 9 · 2019-01-06T11:34:43.000Z

Yes please.

Your analysis seems profound, so it is really most probably a clang analyzer issue.
(Though I hoped, that fixing the memory corruptions would make this warning go away too).