From: "alx.manpages at gmail dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/103233] Warning from system libraries in user code: CWE-476 -Werror=analyzer-null-dereference
Date: Sun, 14 Nov 2021 15:32:05 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Status: WAITING
X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103233

--- Comment #3 from alx.manpages at gmail dot com ---
Hi Jonathan,

On 11/14/21 15:57, redi at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103233
>
> Jonathan Wakely changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|UNCONFIRMED                 |WAITING
>    Last reconfirmed|                            |2021-11-14
>      Ever confirmed|0                           |1
>
> --- Comment #2 from Jonathan Wakely ---
> (In reply to Alejandro Colomar from comment #0)
>> There are two problems here:
>>
>> One is a dereference of a NULL pointer in the standard C++ library code
>> (at least that's what -fanalyzer reports).
>
> The analyzer doesn't support C++ properly yet, and is completely wrong here.
> See below.
>
>> Another is that I'm seeing the error while compiling user code (my library):
>>
>
> What error? Please provide the code to reproduce the problem, not just a URL,
> see https://gcc.gnu.org/bugs

Well, not an error, but a warning (I transformed it into an error with
-Werror). The error/warning that I referred to was the one I copied
entirely (including the command to produce it).

The case that I reported was compiling an already preprocessed file.
Since it was a big temporary file (and probably less readable than the
source), I didn't share it.

I simplified the file, and compiled it directly, to simplify reproducing it:

$ cat sys_warning.cxx
/******************************************************************************
 * Copyright (c) 2018 by Alejandro Colomar
 * SPDX-License-Identifier: GPL-2.0-only
 ******************************************************************************/

/* The mail archive stripped everything between angle brackets (header names
 * and template arguments); the ones below are reconstructed from what the
 * code needs and from the OpenCV API it calls. */
#include <algorithm>
#include <cstddef>
#include <vector>
#include <opencv2/calib3d.hpp>
#include <opencv2/core.hpp>
#include <opencv2/features2d.hpp>
#include <opencv2/imgproc.hpp>

static constexpr int    MAX_FEATURES = 50000;
static constexpr double GOOD_MATCH_P = 0.25;

[[gnu::nonnull(1, 2)]]
void orb_align(const class cv::Mat *ref, class cv::Mat *img,
               class cv::Mat *img_matches);

void orb_align(const class cv::Mat *ref, class cv::Mat *img,
               class cv::Mat *img_matches)
{
	class std::vector<cv::KeyPoint>         keypoints_0;
	class std::vector<cv::KeyPoint>         keypoints_1;
	class cv::Mat                           descriptors_0;
	class cv::Mat                           descriptors_1;
	struct cv::Ptr<cv::ORB>                 orb;
	class std::vector<cv::DMatch>           matches;
	struct cv::Ptr<cv::DescriptorMatcher>   matcher;
	ptrdiff_t                               good_matches;
	class std::vector<cv::Point_<float> >   points_0;
	class std::vector<cv::Point_<float> >   points_1;
	ptrdiff_t                               size;
	class cv::Mat                           img_hg;
	class cv::Mat                           img_align;

	/* Detect ORB features & compute descriptors */
	orb = cv::ORB::create(MAX_FEATURES, 1.2f, 8, 31, 0, 2,
	                      cv::ORB::HARRIS_SCORE, 31, 20);
	orb->detectAndCompute(*ref, cv::Mat(), keypoints_0, descriptors_0, false);
	orb->detectAndCompute(*img, cv::Mat(), keypoints_1, descriptors_1, false);

	/* Match structures */
	matcher = cv::DescriptorMatcher::create("BruteForce-Hamming");
	matcher->match(descriptors_1, descriptors_0, matches, cv::Mat());

	/* Sort matches by score */
	std::sort(matches.begin(), matches.end());

	/* Remove not so good matches */
	good_matches = GOOD_MATCH_P * matches.size();
	matches.erase(matches.begin() + good_matches, matches.end());

	/* Draw top matches */
	if (img_matches)
		cv::drawMatches(*img, keypoints_1, *ref, keypoints_0, matches,
		                *img_matches, cv::Scalar::all(-1),
		                cv::Scalar::all(-1), std::vector<char>(),
		                cv::DrawMatchesFlags::DEFAULT);

	/* Extract location of good matches */
	size = matches.size();
	for (ptrdiff_t i = 0; i < size; i++) {
		points_1.push_back(keypoints_1[matches[i].queryIdx].pt);
		points_0.push_back(keypoints_0[matches[i].trainIdx].pt);
	}

	/* Find homography */
	img_hg = cv::findHomography(points_1, points_0, cv::RANSAC, 3,
	                            cv::noArray(), 2000, 0.995);

	/* Use homography to warp image */
	cv::warpPerspective(*img, img_align, img_hg, ref->size(),
	                    cv::INTER_LINEAR, cv::BORDER_CONSTANT, cv::Scalar());

	/* Write img_align into img */
	*img = img_align;
	img_align.release();
}

$ c++ -D _GNU_SOURCE -D _POSIX_C_SOURCE=200809L -O3 -Wall -Wextra \
      -Winvalid-pch -fno-common -fpic -isystem/usr/include/opencv4 -fanalyzer \
      -std=gnu++20 -Wno-vla -S sys_warning.cxx

You'll need libopencv-dev (or equivalent) to compile.

>> |/usr/include/c++/11/bits/stl_vector.h:346:25:
>> |  346 |         return __n != 0 ? _Tr::allocate(_M_impl, __n) : pointer();
>> |      |                          ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> |      |                                   |
>> |      |                                   (7) following 'false' branch...
>
> This cannot happen. The length is this->size() + 1 and we already checked for
> overflow, so it is guaranteed to be a positive integer.
>
>> |......
>> |  127 |         return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp)));
>> |      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> |      |                                  |
>> |      |                                  (12) ...to here
>> |      |                                  (13) this call could return NULL
>
> This is nonsense, operator new(size_t) cannot return null.

Okay, then I hope this helps improve fanalyzer :)

Regards,

Alex
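The two points Jonathan makes above (the throwing operator new(size_t) never returns null, and the pointer() branch in libstdc++'s _M_allocate is only taken for __n == 0, which vector growth never asks for) can be checked outside the analyzer. The block below is an added example written for this page; it is not code from the bug report, from OpenCV, or from libstdc++. It assumes a glibc-style allocator that refuses an oversized request and lets operator new throw rather than aborting the process, so that the failure path of each overload can be exercised; the function names are ours.

```cpp
// Added example (not from the bug report or libstdc++): which operator new
// overloads can hand back a null pointer, and where a NULL check belongs.
#include <cstddef>
#include <limits>
#include <new>

enum class Outcome { Ok, ThrewBadAlloc, ReturnedNull };

// A request larger than PTRDIFF_MAX that no allocator can satisfy.  It is
// read through a volatile so the compiler can neither fold the call away nor
// warn about a constant oversized allocation.  Assumption: the runtime
// refuses the request instead of aborting (glibc malloc does).
std::size_t absurd_size() {
    volatile std::size_t n = std::numeric_limits<std::size_t>::max() - 4096;
    return n;
}

// Throwing form, the one std::allocator uses: on failure it throws
// std::bad_alloc and never returns.  A `p == nullptr` test after it is dead
// code, which is why "this call could return NULL" here is a false positive.
Outcome allocate_throwing(std::size_t n) {
    try {
        void *p = ::operator new(n);
        ::operator delete(p);
        return Outcome::Ok;
    } catch (const std::bad_alloc &) {
        return Outcome::ThrewBadAlloc;
    }
}

// Non-throwing form: this is the overload whose result must be null-checked.
Outcome allocate_nothrow(std::size_t n) {
    void *p = ::operator new(n, std::nothrow);
    if (p == nullptr)
        return Outcome::ReturnedNull;
    ::operator delete(p);
    return Outcome::Ok;
}

// Mirrors the flagged libstdc++ line
// (`__n != 0 ? _Tr::allocate(_M_impl, __n) : pointer()`): the only way to
// get a null pointer out of it is to ask for zero elements.
void *allocate_like_vector(std::size_t n) {
    return n != 0 ? ::operator new(n) : nullptr;
}

// vector growth requests size() + 1 after its overflow check, so the
// zero-length (null) branch is unreachable there.  Returns true when the
// grown buffer is non-null for every current size in [0, limit).
bool grown_buffer_is_non_null(std::size_t limit) {
    for (std::size_t size = 0; size < limit; ++size) {
        std::size_t len = size + 1;   // never 0 once overflow is excluded
        void *p = allocate_like_vector(len);
        if (p == nullptr)
            return false;
        ::operator delete(p);
    }
    return true;
}
```

The practical takeaway for code review is the split between the two overloads: only `operator new(std::size_t, std::nothrow_t)` (and C allocation functions such as malloc) need a null check; a check after the throwing form is unreachable, and a static-analysis report that claims otherwise should be treated as a tool limitation rather than a bug in the library.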