public inbox for gcc-bugs@sourceware.org

* [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: dmalcolm at gcc dot gnu.org @ 2022-08-09 19:51 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

            Bug ID: 106573
           Summary: Missing -Wanalyzer-use-of-uninitialized-value on calls
                    handled by state machines
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
                CC: mir at gcc dot gnu.org
  Target Milestone: ---

Consider:

int dup (int old_fd);
int not_dup (int old_fd);

int
test_1 ()
{
  int m;
  return dup (m);
}

int
test_2 ()
{
  int m;
  return not_dup (m);
}

where in each function uninitialized local "m" is passed to an
externally-defined function.

-fanalyzer currently emits:

t.c: In function ‘test_1’:
t.c:8:10: warning: ‘dup’ on possibly invalid file descriptor ‘m’ [-Wanalyzer-fd-use-without-check]
    8 |   return dup (m);
      |          ^~~~~~~
  ‘test_1’: event 1
    |
    |    8 |   return dup (m);
    |      |          ^~~~~~~
    |      |          |
    |      |          (1) ‘m’ could be invalid
    |
t.c: In function ‘test_2’:
t.c:15:10: warning: use of uninitialized value ‘m’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   15 |   return not_dup (m);
      |          ^~~~~~~~~~~
  ‘test_2’: events 1-2
    |
    |   14 |   int m;
    |      |       ^
    |      |       |
    |      |       (1) region created on stack here
    |   15 |   return not_dup (m);
    |      |          ~~~~~~~~~~~
    |      |          |
    |      |          (2) use of uninitialized value ‘m’ here
    |

where it only complains about uninit m being passed to not_dup.

Looks like we're missing a check for poisoned svalues as params for the case
where one of the state machines recognizes the function in question.

* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: dmalcolm at gcc dot gnu.org @ 2022-08-09 20:33 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-08-09

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
I'm working on a fix for this.

* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: cvs-commit at gcc dot gnu.org @ 2022-08-10 0:01 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:bddd8d86e3036e480158ba9219ee3f290ba652ce

commit r13-2007-gbddd8d86e3036e480158ba9219ee3f290ba652ce
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Tue Aug 9 19:58:54 2022 -0400

    analyzer: fix missing -Wanalyzer-use-of-uninitialized-value on special-cased functions [PR106573]

    We were missing checks for uninitialized params on calls to functions
    that the analyzer has hardcoded knowledge of - both for those that are
    handled just by state machines, and for those that are handled in
    region-model-impl-calls.cc (for those arguments for which the svalue
    wasn't accessed in handling the call).

    Fixed thusly.

    gcc/analyzer/ChangeLog:
            PR analyzer/106573
            * region-model.cc (region_model::on_call_pre): Ensure that we call
            get_arg_svalue on all arguments.

    gcc/testsuite/ChangeLog:
            PR analyzer/106573
            * gcc.dg/analyzer/error-uninit.c: New test.
            * gcc.dg/analyzer/fd-uninit-1.c: New test.
            * gcc.dg/analyzer/file-uninit-1.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

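The gap described in the commit message above, as a toy C++ model added here; it is not part of the thread and not GCC source. The types and function bodies are invented for illustration, and only the names on_call_pre and get_arg_svalue are borrowed from the ChangeLog entry.

```cpp
#include <algorithm>
#include <set>
#include <string>
#include <vector>

// Toy model of the dispatch described in the thread. Not GCC source: the
// types and bodies are invented; only the names on_call_pre and
// get_arg_svalue are borrowed from the ChangeLog entry.
struct Arg { std::string name; bool initialized; };
struct Call { std::string fn; std::vector<Arg> args; };

struct Model {
    bool check_all_args;                 // false: as reported, true: as fixed
    std::vector<std::string> warnings;
    std::set<std::string> reported;      // avoid duplicate uninit warnings

    // In this model, fetching an argument's value is the point where a
    // "poisoned" (uninitialized) value is noticed.
    void get_arg_svalue(const Call &c, size_t i) {
        const Arg &a = c.args[i];
        if (!a.initialized && reported.insert(a.name).second)
            warnings.push_back("use-of-uninitialized-value: " + a.name);
    }

    void on_call_pre(const Call &c) {
        if (check_all_args)              // the fix: touch every argument first
            for (size_t i = 0; i < c.args.size(); ++i) get_arg_svalue(c, i);
        if (c.fn == "dup") {             // recognized by the fd state machine
            // The handler reasons about fd state only and never fetches the
            // value. The model keeps this warning in both modes; the thread
            // does not say whether GCC does.
            warnings.push_back("fd-use-without-check: " + c.args[0].name);
            return;
        }
        // Unknown callee: the generic path fetches each argument.
        for (size_t i = 0; i < c.args.size(); ++i) get_arg_svalue(c, i);
    }
};

// Number of uninitialized-value warnings for `fn (m)` with m uninitialized.
int uninit_warnings(const std::string &fn, bool check_all_args) {
    Model m{check_all_args, {}, {}};
    m.on_call_pre(Call{fn, {Arg{"m", false}}});
    return (int)std::count_if(m.warnings.begin(), m.warnings.end(),
        [](const std::string &w) { return w.rfind("use-of-uninitialized", 0) == 0; });
}
```

With check_all_args false the model reproduces the asymmetry in the report: not_dup (m) is flagged and dup (m) is not.
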
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: dmalcolm at gcc dot gnu.org @ 2022-08-10 0:07 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Should be fixed by the above patch.

* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: cvs-commit at gcc dot gnu.org @ 2022-08-15 18:48 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:ca123e019bb92fd1d6909e8da7f53a4f45922526

commit r13-2053-gca123e019bb92fd1d6909e8da7f53a4f45922526
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Aug 15 14:47:02 2022 -0400

    analyzer: better fix for -Wanalyzer-use-of-uninitialized-value [PR106573]

    gcc/analyzer/ChangeLog:
            PR analyzer/106573
            * region-model.cc (region_model::on_call_pre): Use check_call_args
            when ensuring that we call get_arg_svalue on all args.  Remove
            redundant call from handling for stdio builtins.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:62a565e56763c65ec9e134735aa780cf2b1c3cfa

commit r12-9354-g62a565e56763c65ec9e134735aa780cf2b1c3cfa
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Mar 29 14:16:46 2023 -0400

    analyzer: fix missing -Wanalyzer-use-of-uninitialized-value on special-cased functions [PR106573]

    We were missing checks for uninitialized params on calls to functions
    that the analyzer has hardcoded knowledge of - both for those that are
    handled just by state machines, and for those that are handled in
    region-model-impl-calls.cc (for those arguments for which the svalue
    wasn't accessed in handling the call).

    Fixed thusly.

    Backported from r13-2007-gbddd8d86e3036e, dropping the test case
    fd-uninit-1.c.

    gcc/analyzer/ChangeLog:
            PR analyzer/106573
            * region-model.cc (region_model::on_call_pre): Ensure that we call
            get_arg_svalue on all arguments.

    gcc/testsuite/ChangeLog:
            PR analyzer/106573
            * gcc.dg/analyzer/error-uninit.c: New test.
            * gcc.dg/analyzer/file-uninit-1.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:c63e5a234d0193e1f41024cf0eee840998e04c7f

commit r12-9355-gc63e5a234d0193e1f41024cf0eee840998e04c7f
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Mar 29 14:16:46 2023 -0400

    analyzer: better fix for -Wanalyzer-use-of-uninitialized-value [PR106573]

    Cherrypicked from r13-2053-gca123e019bb92f.

    gcc/analyzer/ChangeLog:
            PR analyzer/106573
            * region-model.cc (region_model::on_call_pre): Use check_call_args
            when ensuring that we call get_arg_svalue on all args.  Remove
            redundant call from handling for stdio builtins.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>