public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/106383] New: False positives from -Wanalyzer-va-list-exhausted
@ 2022-07-21 14:38 dmalcolm at gcc dot gnu.org
  2022-07-21 18:14 ` [Bug analyzer/106383] " dmalcolm at gcc dot gnu.org
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-07-21 14:38 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383

            Bug ID: 106383
           Summary: False positives from -Wanalyzer-va-list-exhausted
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 106358
  Target Milestone: ---

https://godbolt.org/z/c87abh5vc

Given:

typedef __builtin_va_list va_list;

struct printf_spec {
  unsigned int type;
};

int
format_decode(const char *fmt, struct printf_spec *spec);

static int vbin_printf(const char *fmt, va_list args) {
  struct printf_spec spec;
  int width = 0;

  while (*fmt) {
    int read = format_decode(fmt, &spec);

    fmt += read;

    switch (spec.type) {
    case 0:
      break;
    case 1:
      width = __builtin_va_arg(args, int);
      break;
    }
  }

  return width;
}

int bprintf(const char *fmt, ...) {
  va_list args;
  int ret;

  __builtin_va_start(args, fmt);
  ret = vbin_printf(fmt, args);
  __builtin_va_end(args);

  return ret;
}

we get this false positive with trunk with -fanalyzer:

../../src/vsprintf.c: In function ‘vbin_printf’:
../../src/vsprintf.c:23:13: warning: ‘args’ has no more arguments (0 consumed) [CWE-685] [-Wanalyzer-va-list-exhausted]
   23 |       width = __builtin_va_arg(args, int);
      |       ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ‘bprintf’: events 1-2
    |
    |   31 | int bprintf(const char *fmt, ...) {
    |      |     ^~~~~~~
    |      |     |
    |      |     (1) entry to ‘bprintf’
    |......
    |   36 |   ret = vbin_printf(fmt, args);
    |      |         ~~~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (2) calling ‘vbin_printf’ from ‘bprintf’
    |
    +--> ‘vbin_printf’: events 3-6
           |
           |   10 | static int vbin_printf(const char *fmt, va_list args) {
           |      |            ^~~~~~~~~~~
           |      |            |
           |      |            (3) entry to ‘vbin_printf’
           |......
           |   14 |   while (*fmt) {
           |      |          ~  
           |      |          |
           |      |          (4) following ‘true’ branch...
           |   15 |     int read = format_decode(fmt, &spec);
           |      |                ~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                |
           |      |                (5) ...to here
           |......
           |   23 |       width = __builtin_va_arg(args, int);
           |      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (6) ‘args’ has no more arguments (0 consumed)
           |

Reduced from Linux kernel: lib/vsprintf.c


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with
-fanalyzer
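
An added example, not part of the bug report or of GCC: the runtime condition that -Wanalyzer-va-list-exhausted models statically (arguments consumed versus arguments supplied), in the same shape as the reproducer above, with va_start in a wrapper and va_arg in a subroutine. The names sum_ints and sum_ints_v, the explicit nargs count and the 'd' format character are assumptions made for illustration.

```c
#include <stdarg.h>

/* Hypothetical format: each 'd' consumes one int (like spec.type == 1 in
   the reproducer); every other character consumes nothing.
   Returns the sum of the ints, or -1 if the format asks for more ints
   than the caller said it supplied. */
static int sum_ints_v(const char *fmt, unsigned avail, va_list args)
{
  int sum = 0;
  unsigned consumed = 0;

  for (; *fmt; fmt++) {
    if (*fmt != 'd')
      continue;
    /* Same bookkeeping the diagnostic reports ("0 consumed"): stop
       before va_arg would read past the last supplied argument. */
    if (consumed == avail)
      return -1;
    sum += va_arg(args, int);
    consumed++;
  }
  return sum;
}

/* va_start happens in this frame; how many variadic arguments exist is
   decided by whoever calls sum_ints(), one frame further up. */
int sum_ints(unsigned nargs, const char *fmt, ...)
{
  va_list args;
  int ret;

  va_start(args, fmt);
  ret = sum_ints_v(fmt, nargs, args);
  va_end(args);
  return ret;
}

/* Constructed call sites. */
int call_matching(void) { return sum_ints(2, "d-d", 40, 2); } /* enough ints */
int call_short(void)    { return sum_ints(1, "d-d", 40); }    /* one too few */
int call_no_ints(void)  { return sum_ints(0, "abc"); }        /* consumes none */

int main(void)
{
  return !(call_matching() == 42 && call_short() == -1 && call_no_ints() == 0);
}
```
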


* [Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted
From: dmalcolm at gcc dot gnu.org @ 2022-07-21 18:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-07-21
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
I'm testing a fix for this.


* [Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted
From: cvs-commit at gcc dot gnu.org @ 2022-07-21 21:30 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383

--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:b852aa7f265424c8e2036899da5d8306ff06a16c

commit r13-1786-gb852aa7f265424c8e2036899da5d8306ff06a16c
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Thu Jul 21 17:29:26 2022 -0400

    analyzer: fix -Wanalyzer-va-list-exhausted false +ve on va_arg in subroutine [PR106383]

    gcc/analyzer/ChangeLog:
            PR analyzer/106383
            * varargs.cc (region_model::impl_call_va_arg): When determining if
            we're doing interprocedural analysis, use the stack depth of the
            frame in which va_start was called, rather than the current stack
            depth.

    gcc/testsuite/ChangeLog:
            PR analyzer/106383
            * gcc.dg/analyzer/stdarg-3.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>


* [Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted
From: dmalcolm at gcc dot gnu.org @ 2022-07-21 21:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above commit.
