public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds Date: Thu, 01 Dec 2022 02:31:33 +0000 [thread overview] Message-ID: <bug-106626-4-NG6pIjvs4n@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-106626-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106626 --- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 commit r13-4429-g1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 Author: David Malcolm <dmalcolm@redhat.com> Date: Wed Nov 30 21:26:43 2022 -0500 diagnostics: tweak diagnostic_path::interprocedural_p [PR106626] The region-creation event at the start of... <source>: In function 'int_arr_write_element_after_end_off_by_one': <source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] = x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': events 2-3 | | 12 | void int_arr_write_element_after_end_off_by_one(int32_t x) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) entry to 'int_arr_write_element_after_end_off_by_one' | 13 | { | 14 | arr[10] = x; /* { dg-line line } */ | | ~~~~~~~~~~~ | | | | | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | <source>:14:11: note: write of 4 bytes to beyond the end of 'arr' 14 | arr[10] = x; | ~~~~~~~~^~~ <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' ...makes diagnostic_manager::finish_pruning consider the path to be interprocedural, and so it doesn't prune the function entry event. This patch tweaks diagnostic_path::interprocedural_p to ignore leading events outside of any function, so that it considers the path to be intraprocedural, and thus diagnostic_manager::finish_pruning prunes the function entry event, leading to this simpler output: <source>: In function 'int_arr_write_element_after_end_off_by_one': <source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] = x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': event 2 | | 14 | arr[10] = x; | | ~~~~~~~~^~~ | | | | | (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | <source>:14:11: note: write of 4 bytes to beyond the end of 'arr' <source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' gcc/ChangeLog: PR analyzer/106626 * diagnostic-path.h (diagnostic_path::get_first_event_in_a_function): New decl. * diagnostic.cc (diagnostic_path::get_first_event_in_a_function): New. (diagnostic_path::interprocedural_p): Ignore leading events that are outside of any function. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
next prev parent reply other threads:[~2022-12-01 2:31 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-08-15 13:08 [Bug analyzer/106626] New: " dmalcolm at gcc dot gnu.org 2022-08-15 18:48 ` [Bug analyzer/106626] " cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org [this message] 2022-12-01 2:31 ` cvs-commit at gcc dot gnu.org 2023-04-07 12:36 ` dmalcolm at gcc dot gnu.org 2023-06-22 2:06 ` cvs-commit at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-106626-4-NG6pIjvs4n@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).