From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id E71D43858403; Sun, 14 Nov 2021 14:27:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E71D43858403 From: "colomar.6.4.3 at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/103233] New: Warning from system libraries in user code: CWE-476 -Werror=analyzer-null-dereference Date: Sun, 14 Nov 2021 14:27:15 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: colomar.6.4.3 at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Nov 2021 14:27:16 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103233

Bug ID: 103233
Summary: Warning from system libraries in user code: CWE-476 -Werror=analyzer-null-dereference
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: colomar.6.4.3 at gmail dot com
Target Milestone: ---

There are two problems here: One is a dereference of a NULL pointer in the standard C++ library code (at least that's what -fanalyzer reports).
Another is that I'm seeing the error while compiling user code (my library):

c++ -D _GNU_SOURCE -D _POSIX_C_SOURCE=200809L -D SYSCONFDIR_='"/usr/local/etc/alx"' -O3 -Wall -Wextra -Winvalid-pch -fno-common -Werror -fpic -isystem/usr/local/include -D_GNU_SOURCE -D_POSIX_C_SOURCE=200809L -isystem/usr/include/opencv4 -isystem/usr/local/include -D_GNU_SOURCE -D_POSIX_C_SOURCE=200809L -isystem/usr/local/include -D_GNU_SOURCE -D_POSIX_C_SOURCE=200809L -fanalyzer -std=gnu++20 -Wno-vla -I /home/alx/src/alx/libalx/include -fpreprocessed -S -o /home/alx/src/alx/libalx/tmp/alx/cv/features2d/orb.cxx.s /home/alx/src/alx/libalx/tmp/alx/cv/features2d/orb.cxx.i

In member function 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]':
cc1plus: error: dereference of NULL '__cur' [CWE-476] [-Werror=analyzer-null-dereference]
'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': events 1-2 | |/usr/include/c++/11/bits/vector.tcc:426:7: | 426 | vector<_Tp, _Alloc>:: | | ^~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to 'std::vector >::_M_realloc_insert&>' |......
| 436 | _M_check_len(size_type(1), "vector::_M_realloc_insert"); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling 'std::vector >::_M_check_len' from 'std::vector >::_M_realloc_insert&>' | +--> 'std::vector<_Tp, _Alloc>::size_type std::vector<_Tp, _Alloc>::_M_check_len(std::vector<_Tp, _Alloc>::size_type, const char*) const [with _Tp = cv::Point_; _Alloc = std::allocator >]': events 3-5 | |/usr/include/c++/11/bits/stl_vector.h:1756:7: | 1756 | _M_check_len(size_type __n, const char* __s) const | | ^~~~~~~~~~~~ | | | | | (3) entry to 'std::vector >::_M_check_len' | 1757 | { | 1758 | if (max_size() - size() < __n) | | ~~ | | | | | (4) following 'false' branch... |...... | 1761 | const size_type __len = size() + (std::max)(size(), __n); | | ~~~~~~ | | | | | (5) ...to here | <------+ | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 6 | |/usr/include/c++/11/bits/vector.tcc:436:21: | 436 | _M_check_len(size_type(1), "vector::_M_realloc_insert"); | | ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to 'std::vector >::_M_realloc_insert&>' from 'std::vector >::_M_check_len' | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 7 | |/usr/include/c++/11/bits/stl_vector.h:346:25: | 346 | return __n != 0 ? _Tr::allocate(_M_impl, __n) : pointer(); | | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) following 'false' branch... | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) 
[with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 8 | |/usr/include/c++/11/bits/vector.tcc:450:48: | 450 | __new_start + __elems_before, | | ~~~~~~~~~~~~^~~~~~~~~~~~~~~~ | | | | | (8) ...to here | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 9 | |/usr/include/c++/11/bits/stl_uninitialized.h:1031:22: | 1031 | for (; __first != __last; ++__first, (void)++__cur) | | ~~~~~~~~^~~~~~~~~ | | | | | (9) following 'true' branch (when '__first != ')... | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 10 | |/usr/include/c++/11/bits/stl_construct.h:88:9: | 88 | __location->~_Tp(); | | ^~~~~~~~~~ | | | | | (10) ...to here | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 11 | |cc1plus: | (11): dereference of NULL '__cur' | cc1plus: error: dereference of possibly-NULL '__cur' [CWE-690] [-Werror=analyzer-possible-null-dereference] 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': events 1-2 | |/usr/include/c++/11/bits/vector.tcc:426:7: | 426 | vector<_Tp, _Alloc>:: | | ^~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to 'std::vector >::_M_realloc_insert&>' |...... 
| 436 | _M_check_len(size_type(1), "vector::_M_realloc_insert"); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling 'std::vector >::_M_check_len' from 'std::vector >::_M_realloc_insert&>' | +--> 'std::vector<_Tp, _Alloc>::size_type std::vector<_Tp, _Alloc>::_M_check_len(std::vector<_Tp, _Alloc>::size_type, const char*) const [with _Tp = cv::Point_; _Alloc = std::allocator >]': events 3-5 | |/usr/include/c++/11/bits/stl_vector.h:1756:7: | 1756 | _M_check_len(size_type __n, const char* __s) const | | ^~~~~~~~~~~~ | | | | | (3) entry to 'std::vector >::_M_check_len' | 1757 | { | 1758 | if (max_size() - size() < __n) | | ~~ | | | | | (4) following 'false' branch... |...... | 1761 | const size_type __len = size() + (std::max)(size(), __n); | | ~~~~~~ | | | | | (5) ...to here | <------+ | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 6 | |/usr/include/c++/11/bits/vector.tcc:436:21: | 436 | _M_check_len(size_type(1), "vector::_M_realloc_insert"); | | ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to 'std::vector >::_M_realloc_insert&>' from 'std::vector >::_M_check_len' | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': events 7-8 | |/usr/include/c++/11/bits/stl_vector.h:346:25: | 346 | return __n != 0 ? _Tr::allocate(_M_impl, __n) : pointer(); | | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (8) ...to here | | (7) following 'true' branch... | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) 
[with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 9 | |/usr/include/c++/11/bits/allocator.h:201:47: | 201 | return __allocator_base<_Tp>::allocate(__n, 0); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~ | | | | | (9) calling '__gnu_cxx::new_allocator >::allocate' from 'std::vector >::_M_realloc_insert&>' | +--> '_Tp* __gnu_cxx::new_allocator<_Tp>::allocate(__gnu_cxx::new_allocator<_Tp>::size_type, const void*) [with _Tp = cv::Point_]': events 10-13 | |/usr/include/c++/11/ext/new_allocator.h:103:7: | 103 | allocate(size_type __n, const void* = static_cast(0)) | | ^~~~~~~~ | | | | | (10) entry to '__gnu_cxx::new_allocator >::allocate' |...... | 111 | if (__builtin_expect(__n > this->_M_max_size(), false)) | | ~~ | | | | | (11) following 'false' branch... |...... | 127 | return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp))); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (12) ...to here | | (13) this call could return NULL | <------+ | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 14 | |/usr/include/c++/11/bits/allocator.h:201:47: | 201 | return __allocator_base<_Tp>::allocate(__n, 0); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~ | | | | | (14) returning to 'std::vector >::_M_realloc_insert&>' from '__gnu_cxx::new_allocator >::allocate' | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 15 | |/usr/include/c++/11/bits/stl_uninitialized.h:1031:22: | 1031 | for (; __first != __last; ++__first, (void)++__cur) | | ~~~~~~~~^~~~~~~~~ | | | | | (15) following 'true' branch (when '__first != ')... 
| 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 16 | |/usr/include/c++/11/bits/stl_construct.h:88:9: | 88 | __location->~_Tp(); | | ^~~~~~~~~~ | | | | | (16) ...to here | 'void std::vector<_Tp, _Alloc>::_M_realloc_insert(std::vector<_Tp, _Alloc>::iterator, _Args&& ...) [with _Args = {const cv::Point_&}; _Tp = cv::Point_; _Alloc = std::allocator >]': event 17 | |cc1plus: | (17): '__cur' could be NULL: unchecked value from (13) | cc1plus: all warnings being treated as errors