From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 21E043852C67; Thu, 1 Dec 2022 02:31:34 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 21E043852C67 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669861894; bh=ETJRT1AVAhuBctco1DLdJUolk+OEGVzmCjG5RgH5xho=; h=From:To:Subject:Date:In-Reply-To:References:From; b=NhvPA5dvr9jUCDg99vBbQFR9KYUdYk92itAv5PaUdGUAXBFg5gQju3cNeTHA8WcqD FePRtrIfHA5fw/noYw2CZfonONT/aih8vOaQN7nV7ScUmP+FyZR/3+WBw1WBtJAMeU 9dqQ+KbHdEgglXeTccU8aKzdnCoPyaIooDDx6yMg= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/106626] Improvements to wording of -Wanalyzer-out-of-bounds Date: Thu, 01 Dec 2022 02:31:33 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106626 --- Comment #5 from CVS Commits --- The master branch has been updated by David Malcolm : https://gcc.gnu.org/g:1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 commit r13-4429-g1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 Author: David Malcolm Date: Wed Nov 30 21:26:43 2022 -0500 diagnostics: tweak diagnostic_path::interprocedural_p [PR106626] The region-creation event at the start of... : In function 'int_arr_write_element_after_end_off_by_one': :14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] =3D x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': events 2-3 | | 12 | void int_arr_write_element_after_end_off_by_one(int= 32_t x) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) entry to 'int_arr_write_element_after_end_off_by_one' | 13 | { | 14 | arr[10] =3D x; /* { dg-line line } */ | | ~~~~~~~~~~~ | | | | | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | :14:11: note: write of 4 bytes to beyond the end of 'arr' 14 | arr[10] =3D x; | ~~~~~~~~^~~ :14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' ...makes diagnostic_manager::finish_pruning consider the path to be interprocedural, and so it doesn't prune the function entry event. This patch tweaks diagnostic_path::interprocedural_p to ignore leading events outside of any function, so that it considers the path to be intraprocedural, and thus diagnostic_manager::finish_pruning prunes the function entry event, leading to this simpler output: : In function 'int_arr_write_element_after_end_off_by_one': :14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds] 14 | arr[10] =3D x; | ~~~~~~~~^~~ event 1 | | 10 | int32_t arr[10]; | | ^~~ | | | | | (1) capacity is 40 bytes | +--> 'int_arr_write_element_after_end_off_by_one': event 2 | | 14 | arr[10] =3D x; | | ~~~~~~~~^~~ | | | | | (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40 | :14:11: note: write of 4 bytes to beyond the end of 'arr' :14:11: note: valid subscripts for 'arr' are '[0]' to '[9]' gcc/ChangeLog: PR analyzer/106626 * diagnostic-path.h (diagnostic_path::get_first_event_in_a_function): New decl. * diagnostic.cc (diagnostic_path::get_first_event_in_a_function= ): New. (diagnostic_path::interprocedural_p): Ignore leading events that are outside of any function. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test. Signed-off-by: David Malcolm =