public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
@ 2022-08-09 19:51 dmalcolm at gcc dot gnu.org
2022-08-09 20:33 ` [Bug analyzer/106573] " dmalcolm at gcc dot gnu.org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-08-09 19:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573
Bug ID: 106573
Summary: Missing -Wanalyzer-use-of-uninitialized-value on calls
handled by state machines
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
CC: mir at gcc dot gnu.org
Target Milestone: ---
Consider:
int dup (int old_fd);
int not_dup (int old_fd);
int
test_1 ()
{
int m;
return dup (m);
}
int
test_2 ()
{
int m;
return not_dup (m);
}
where in each function uninitialized local "m" is passed to an
externally-defined function.
-fanalyzer currently emits:
t.c: In function ‘test_1’:
t.c:8:10: warning: ‘dup’ on possibly invalid file descriptor ‘m’
[-Wanalyzer-fd-use-without-check]
8 | return dup (m);
| ^~~~~~~
‘test_1’: event 1
|
| 8 | return dup (m);
| | ^~~~~~~
| | |
| | (1) ‘m’ could be invalid
|
t.c: In function ‘test_2’:
t.c:15:10: warning: use of uninitialized value ‘m’ [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
15 | return not_dup (m);
| ^~~~~~~~~~~
‘test_2’: events 1-2
|
| 14 | int m;
| | ^
| | |
| | (1) region created on stack here
| 15 | return not_dup (m);
| | ~~~~~~~~~~~
| | |
| | (2) use of uninitialized value ‘m’ here
|
where it only complains about uninit m being passed to not_dup.
Looks like we're missing a check for poisoned svalues as params for the case
where one of the state machines recognizes the function in question.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org @ 2022-08-09 20:33 ` dmalcolm at gcc dot gnu.org 2022-08-10 0:01 ` cvs-commit at gcc dot gnu.org ` (4 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: dmalcolm at gcc dot gnu.org @ 2022-08-09 20:33 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |ASSIGNED Ever confirmed|0 |1 Last reconfirmed| |2022-08-09 --- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> --- I'm working on a fix for this. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org 2022-08-09 20:33 ` [Bug analyzer/106573] " dmalcolm at gcc dot gnu.org @ 2022-08-10 0:01 ` cvs-commit at gcc dot gnu.org 2022-08-10 0:07 ` dmalcolm at gcc dot gnu.org ` (3 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2022-08-10 0:01 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 --- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:bddd8d86e3036e480158ba9219ee3f290ba652ce commit r13-2007-gbddd8d86e3036e480158ba9219ee3f290ba652ce Author: David Malcolm <dmalcolm@redhat.com> Date: Tue Aug 9 19:58:54 2022 -0400 analyzer: fix missing -Wanalyzer-use-of-uninitialized-value on special-cased functions [PR106573] We were missing checks for uninitialized params on calls to functions that the analyzer has hardcoded knowledge of - both for those that are handled just by state machines, and for those that are handled in region-model-impl-calls.cc (for those arguments for which the svalue wasn't accessed in handling the call). Fixed thusly. gcc/analyzer/ChangeLog: PR analyzer/106573 * region-model.cc (region_model::on_call_pre): Ensure that we call get_arg_svalue on all arguments. gcc/testsuite/ChangeLog: PR analyzer/106573 * gcc.dg/analyzer/error-uninit.c: New test. * gcc.dg/analyzer/fd-uninit-1.c: New test. * gcc.dg/analyzer/file-uninit-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org 2022-08-09 20:33 ` [Bug analyzer/106573] " dmalcolm at gcc dot gnu.org 2022-08-10 0:01 ` cvs-commit at gcc dot gnu.org @ 2022-08-10 0:07 ` dmalcolm at gcc dot gnu.org 2022-08-15 18:48 ` cvs-commit at gcc dot gnu.org ` (2 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: dmalcolm at gcc dot gnu.org @ 2022-08-10 0:07 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |FIXED --- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> --- Should be fixed by the above patch. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org ` (2 preceding siblings ...) 2022-08-10 0:07 ` dmalcolm at gcc dot gnu.org @ 2022-08-15 18:48 ` cvs-commit at gcc dot gnu.org 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 5 siblings, 0 replies; 7+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2022-08-15 18:48 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 --- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:ca123e019bb92fd1d6909e8da7f53a4f45922526 commit r13-2053-gca123e019bb92fd1d6909e8da7f53a4f45922526 Author: David Malcolm <dmalcolm@redhat.com> Date: Mon Aug 15 14:47:02 2022 -0400 analyzer: better fix for -Wanalyzer-use-of-uninitialized-value [PR106573] gcc/analyzer/ChangeLog: PR analyzer/106573 * region-model.cc (region_model::on_call_pre): Use check_call_args when ensuring that we call get_arg_svalue on all args. Remove redundant call from handling for stdio builtins. Signed-off-by: David Malcolm <dmalcolm@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org ` (3 preceding siblings ...) 2022-08-15 18:48 ` cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 5 siblings, 0 replies; 7+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 --- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-12 branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:62a565e56763c65ec9e134735aa780cf2b1c3cfa commit r12-9354-g62a565e56763c65ec9e134735aa780cf2b1c3cfa Author: David Malcolm <dmalcolm@redhat.com> Date: Wed Mar 29 14:16:46 2023 -0400 analyzer: fix missing -Wanalyzer-use-of-uninitialized-value on special-cased functions [PR106573] We were missing checks for uninitialized params on calls to functions that the analyzer has hardcoded knowledge of - both for those that are handled just by state machines, and for those that are handled in region-model-impl-calls.cc (for those arguments for which the svalue wasn't accessed in handling the call). Fixed thusly. Backported from r13-2007-gbddd8d86e3036e, dropping the test case fd-uninit-1.c. gcc/analyzer/ChangeLog: PR analyzer/106573 * region-model.cc (region_model::on_call_pre): Ensure that we call get_arg_svalue on all arguments. gcc/testsuite/ChangeLog: PR analyzer/106573 * gcc.dg/analyzer/error-uninit.c: New test. * gcc.dg/analyzer/file-uninit-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug analyzer/106573] Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org ` (4 preceding siblings ...) 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 5 siblings, 0 replies; 7+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2023-03-29 18:18 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573 --- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-12 branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:c63e5a234d0193e1f41024cf0eee840998e04c7f commit r12-9355-gc63e5a234d0193e1f41024cf0eee840998e04c7f Author: David Malcolm <dmalcolm@redhat.com> Date: Wed Mar 29 14:16:46 2023 -0400 analyzer: better fix for -Wanalyzer-use-of-uninitialized-value [PR106573] Cherrypicked from r13-2053-gca123e019bb92f. gcc/analyzer/ChangeLog: PR analyzer/106573 * region-model.cc (region_model::on_call_pre): Use check_call_args when ensuring that we call get_arg_svalue on all args. Remove redundant call from handling for stdio builtins. Signed-off-by: David Malcolm <dmalcolm@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-03-29 18:18 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-08-09 19:51 [Bug analyzer/106573] New: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines dmalcolm at gcc dot gnu.org 2022-08-09 20:33 ` [Bug analyzer/106573] " dmalcolm at gcc dot gnu.org 2022-08-10 0:01 ` cvs-commit at gcc dot gnu.org 2022-08-10 0:07 ` dmalcolm at gcc dot gnu.org 2022-08-15 18:48 ` cvs-commit at gcc dot gnu.org 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org 2023-03-29 18:18 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).