public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "alx.manpages at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/103233] Warning from system libraries in user code: CWE-476 -Werror=analyzer-null-dereference
Date: Sun, 14 Nov 2021 15:32:05 +0000 [thread overview]
Message-ID: <bug-103233-4-1YGdfNHwUX@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-103233-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103233
--- Comment #3 from alx.manpages at gmail dot com ---
Hi Jonathan,
On 11/14/21 15:57, redi at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103233
>
> Jonathan Wakely <redi at gcc dot gnu.org> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> Status|UNCONFIRMED |WAITING
> Last reconfirmed| |2021-11-14
> Ever confirmed|0 |1
>
> --- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
> (In reply to Alejandro Colomar from comment #0)
>> There are two problems here:
>>
>> One is a dereference of a NULL pointer in the standard C++ library code
>> (at least that's what -fanalyzer reports).
>
> The analyzer doesn't support C++ properly yet, and is completely wrong here.
> See below.
>
>
>
>> Another is that I'm seeing the error while compiling user code (my library):
>> <https://github.com/alejandro-colomar/libalx>
>
> What error? Please provide the code to reproduce the problem, not just a URL,
> see https://gcc.gnu.org/bugs
Well, not an error, but a warning (I transformed it into an error with
-Werror).
The error/warning that I referred to
was the one I copied entirely
(including the command to produce it).
The case that I reported was compiling an already preprocessed file.
Since it was a big temporary file
(and probably less readable than the source), I didn't share it.
I simplified the file, and compiled it directly,
to simplify reproducing it:
$ cat sys_warning.cxx
/******************************************************************************
* Copyright (c) 2018 by Alejandro Colomar <alx.manpages@gmail.com>
* SPDX-License-Identifier: GPL-2.0-only
******************************************************************************/
#include <stddef.h>
#include <vector>
#include <opencv2/calib3d.hpp>
#include <opencv2/core/base.hpp>
#include <opencv2/core/mat.hpp>
#include <opencv2/features2d.hpp>
#include <opencv2/imgproc.hpp>
static constexpr int MAX_FEATURES = 50000;
static constexpr double GOOD_MATCH_P = 0.25;
[[gnu::nonnull(1, 2)]]
void orb_align(const class cv::Mat *ref,
class cv::Mat *img,
class cv::Mat *img_matches);
void orb_align(const class cv::Mat *ref,
class cv::Mat *img,
class cv::Mat *img_matches)
{
class std::vector <class cv::KeyPoint> keypoints_0;
class std::vector <class cv::KeyPoint> keypoints_1;
class cv::Mat descriptors_0;
class cv::Mat descriptors_1;
struct cv::Ptr <class cv::Feature2D> orb;
class std::vector <class cv::DMatch> matches;
struct cv::Ptr <class cv::DescriptorMatcher> matcher;
ptrdiff_t good_matches;
class std::vector <class cv::Point_ <float>> points_0;
class std::vector <class cv::Point_ <float>> points_1;
ptrdiff_t size;
class cv::Mat img_hg;
class cv::Mat img_align;
/* Detect ORB features & compute descriptors */
orb = cv::ORB::create(MAX_FEATURES, 1.2f, 8, 31, 0, 2,
cv::ORB::HARRIS_SCORE, 31, 20);
orb->detectAndCompute(*ref, cv::Mat(), keypoints_0, descriptors_0,
false);
orb->detectAndCompute(*img, cv::Mat(), keypoints_1, descriptors_1,
false);
/* Match structures */
matcher = cv::DescriptorMatcher::create("BruteForce-Hamming");
matcher->match(descriptors_1, descriptors_0, matches, cv::Mat());
/* Sort matches by score */
std::sort(matches.begin(), matches.end());
/* Remove not so good matches */
good_matches = GOOD_MATCH_P * matches.size();
matches.erase(matches.begin() + good_matches, matches.end());
/* Draw top matches */
if (img_matches)
cv::drawMatches(*img, keypoints_1, *ref, keypoints_0, matches,
*img_matches, cv::Scalar::all(-1),
cv::Scalar::all(-1), std::vector<char>(),
cv::DrawMatchesFlags::DEFAULT);
/* Extract location of good matches */
size = matches.size();
for (ptrdiff_t i = 0; i < size; i++) {
points_1.push_back(keypoints_1[matches[i].queryIdx].pt);
points_0.push_back(keypoints_0[matches[i].trainIdx].pt);
}
/* Find homography */
img_hg = cv::findHomography(points_1, points_0, cv::RANSAC,
3, cv::noArray(), 2000, 0.995);
/* Use homography to warp image */
cv::warpPerspective(*img, img_align, img_hg, ref->size(),
cv::INTER_LINEAR, cv::BORDER_CONSTANT,
cv::Scalar());
/* Write img_align into img */
*img = img_align;
img_align.release();
}
$ c++ -D _GNU_SOURCE -D _POSIX_C_SOURCE=200809L -O3 -Wall -Wextra
-Winvalid-pch -fno-common -fpic -isystem/usr/include/opencv4 -fanalyzer
-std=gnu++20 -Wno-vla -S sys_warning.cxx
You'll need libopencv-dev (or equivalent) to compile.
>
>
>> |/usr/include/c++/11/bits/stl_vector.h:346:25:
>> | 346 | return __n != 0 ? _Tr::allocate(_M_impl, __n) :
>> pointer();
>> | |
>> ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> | | |
>> | | (7) following 'false' branch...
>
> This cannot happen. The length is this->size() + 1 and we already checked for
> overflow, so it is guaranteed to be a positive integer.
>
>
>> |......
>> | 127 | return static_cast<_Tp*>(::operator new(__n *
>> sizeof(_Tp)));
>> | |
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> | | |
>> | | (12)
>> ...to here
>> | | (13) this
>> call could return NULL
>
>
> This is nonsense, operator new(size_t) cannot return null.
Okay, then I hope this helps improving fanalyzer :)
Regards,
Alex
next prev parent reply other threads:[~2021-11-14 15:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-14 14:27 [Bug c++/103233] New: " colomar.6.4.3 at gmail dot com
2021-11-14 14:30 ` [Bug c++/103233] " colomar.6.4.3 at gmail dot com
2021-11-14 14:57 ` redi at gcc dot gnu.org
2021-11-14 15:32 ` alx.manpages at gmail dot com [this message]
2021-11-15 23:27 ` [Bug analyzer/103233] " dmalcolm at gcc dot gnu.org
2021-11-15 23:42 ` colomar.6.4.3 at gmail dot com
2021-11-15 23:48 ` colomar.6.4.3 at gmail dot com
2021-11-15 23:52 ` pinskia at gcc dot gnu.org
2021-11-16 11:32 ` alx.manpages at gmail dot com
2021-12-13 15:45 ` redi at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-103233-4-1YGdfNHwUX@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).