public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/108400] New: false positive: null dereference
@ 2023-01-13 18:46 chipitsine at gmail dot com
2023-01-26 17:23 ` [Bug analyzer/108400] false positive: null dereference (SoftEtherVPN) dmalcolm at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: chipitsine at gmail dot com @ 2023-01-13 18:46 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
Bug ID: 108400
Summary: false positive: null dereference
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: chipitsine at gmail dot com
Target Milestone: ---
bug is reproduced on the following gcc version:
commit f54e3b3ba01ced7ecda3caed51b42f707d489c77 (HEAD -> master, origin/trunk,
origin/master, origin/HEAD)
Author: Alexandre Oliva <oliva@adacore.com>
Date: Thu Jan 12 00:29:33 2023 -0300
repro steps:
git clone --recursive https://github.com/SoftEtherVPN/SoftEtherVPN
cd SoftEtherVPN
export CC=/home/ilia/gcc/gcc-home/bin/gcc
export CFLAGS="-fanalyzer"
cmake .
make
I've reviewed the following finding, which I beleive is false positive
/home/ilia/SoftEtherVPN/src/Cedar/WebUI.c: In function ‘WuExpireSessionKey’:
/home/ilia/SoftEtherVPN/src/Cedar/WebUI.c:1871:29: warning: dereference of NULL
‘0’ [CWE-476] [-Wanalyzer-null-dereference]
1871 | WU_CONTEXT *context = (WU_CONTEXT*)entry->Value;
| ^~~~~~~
‘WuExpireSessionKey’: event 1
|
| 1868 | for(i=0; i<LIST_NUM(wu->Contexts); i++)
|
‘WuExpireSessionKey’: event 2
|
| 1870 | STRMAP_ENTRY *entry =
(STRMAP_ENTRY*)LIST_DATA(wu->Contexts, i);
|
‘WuExpireSessionKey’: event 3
|
| 1870 | STRMAP_ENTRY *entry =
(STRMAP_ENTRY*)LIST_DATA(wu->Contexts, i);
|
‘WuExpireSessionKey’: event 4
|
|/home/ilia/SoftEtherVPN/src/./Mayaqua/Memory.h:116:54:
| 116 | #define LIST_DATA(o, i) (((o) != NULL) ? ((o)->p[(i)]) :
NULL)
| | ~~~^~~
| | |
| | (4) ...to
here
/home/ilia/SoftEtherVPN/src/Cedar/WebUI.c:1870:54: note: in expansion of macro
‘LIST_DATA’
| 1870 | STRMAP_ENTRY *entry =
(STRMAP_ENTRY*)LIST_DATA(wu->Contexts, i);
| | ^~~~~~~~~
|
‘WuExpireSessionKey’: event 5
|
| 1868 | for(i=0; i<LIST_NUM(wu->Contexts); i++)
|
‘WuExpireSessionKey’: events 6-7
|
| 1870 | STRMAP_ENTRY *entry =
(STRMAP_ENTRY*)LIST_DATA(wu->Contexts, i);
| 1871 | WU_CONTEXT *context = (WU_CONTEXT*)entry->Value;
| | ~~~~~~~
| | |
| | (7) dereference of NULL ‘<unknown>’
|
WU_CONTEXT *context = (WU_CONTEXT*)entry->Value; - it is variable definition,
there's no dereference.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] false positive: null dereference (SoftEtherVPN)
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
@ 2023-01-26 17:23 ` dmalcolm at gcc dot gnu.org
2023-01-27 23:01 ` [Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c dmalcolm at gcc dot gnu.org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-01-26 17:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Created attachment 54356
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54356&action=edit
Reduced reproducer
False positive
seen here with no optimization:
https://godbolt.org/z/cfqz1fYKx
with -O2:
https://godbolt.org/z/b8GeeT9cd
where the wording is slightly different at different optimization levels (but
it's still a false positive)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
2023-01-26 17:23 ` [Bug analyzer/108400] false positive: null dereference (SoftEtherVPN) dmalcolm at gcc dot gnu.org
@ 2023-01-27 23:01 ` dmalcolm at gcc dot gnu.org
2023-03-09 21:21 ` cvs-commit at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-01-27 23:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Looking at the reduced reproducer, -fanalyzer is considering the case where
wu->Contexts is initially non-NULL and thus the loop is entered, but it doesn't
know about the insides of Tick64 and thus considers that after the call to
Tick64() that wu->Contexts could have become NULL, so in the 2nd iteration
LIST_DATA(wu->Contexts, i) could be NULL.
Though there's no way a user could figure that out from what the analyzer
outputs :/
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
2023-01-26 17:23 ` [Bug analyzer/108400] false positive: null dereference (SoftEtherVPN) dmalcolm at gcc dot gnu.org
2023-01-27 23:01 ` [Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c dmalcolm at gcc dot gnu.org
@ 2023-03-09 21:21 ` cvs-commit at gcc dot gnu.org
2024-02-16 14:24 ` [Bug analyzer/108400] [12/13/14 Regression] " dmalcolm at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-03-09 21:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:4214bdb1d77ebee04d12f66c831730ed67fedf55
commit r13-6565-g4214bdb1d77ebee04d12f66c831730ed67fedf55
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Mar 9 16:21:02 2023 -0500
testsuite: add various -Wanalyzer-null-dereference false +ve test cases
There are various -Wanalyzer-null-dereference false +ves in bugzilla
that I've been attempting to fix. Unfortunately I haven't made much
progress, but it seems worth at least capturing the reduced
reproducers as test cases, to make it easier to spot changes in
behavior.
gcc/testsuite/ChangeLog:
PR analyzer/102671
PR analyzer/105755
PR analyzer/108251
PR analyzer/108400
* gcc.dg/analyzer/null-deref-pr102671-1.c: New test, reduced
from Emacs.
* gcc.dg/analyzer/null-deref-pr102671-2.c: Likewise.
* gcc.dg/analyzer/null-deref-pr105755.c: Likewise.
*
gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c:
New test, reduced from haproxy's src/ssl_sample.c.
* gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c:
Likewise.
* gcc.dg/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: New
test, reduced from SoftEtherVPN's src/Cedar/WebUI.c.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
` (2 preceding siblings ...)
2023-03-09 21:21 ` cvs-commit at gcc dot gnu.org
@ 2024-02-16 14:24 ` dmalcolm at gcc dot gnu.org
2024-03-04 12:59 ` rguenth at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-02-16 14:24 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Last reconfirmed| |2024-02-16
Status|UNCONFIRMED |NEW
Summary|-Wanalyzer-null-dereference |[12/13/14 Regression]
|false positive on |-Wanalyzer-null-dereference
|SoftEtherVPN's |false positive on
|src/Cedar/WebUI.c |SoftEtherVPN's
| |src/Cedar/WebUI.c
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
` (3 preceding siblings ...)
2024-02-16 14:24 ` [Bug analyzer/108400] [12/13/14 Regression] " dmalcolm at gcc dot gnu.org
@ 2024-03-04 12:59 ` rguenth at gcc dot gnu.org
2024-03-04 13:01 ` chipitsine at gmail dot com
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-03-04 12:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |12.4
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
` (4 preceding siblings ...)
2024-03-04 12:59 ` rguenth at gcc dot gnu.org
@ 2024-03-04 13:01 ` chipitsine at gmail dot com
2024-03-04 13:02 ` chipitsine at gmail dot com
2024-03-08 15:39 ` law at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: chipitsine at gmail dot com @ 2024-03-04 13:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
--- Comment #4 from Илья Шипицин <chipitsine at gmail dot com> ---
will it be fixed in 12.4 ?
пн, 4 мар. 2024 г. в 13:59, rguenth at gcc dot gnu.org <
gcc-bugzilla@gcc.gnu.org>:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
>
> Richard Biener <rguenth at gcc dot gnu.org> changed:
>
> What |Removed |Added
>
> ----------------------------------------------------------------------------
> Target Milestone|--- |12.4
>
> --
> You are receiving this mail because:
> You reported the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
` (5 preceding siblings ...)
2024-03-04 13:01 ` chipitsine at gmail dot com
@ 2024-03-04 13:02 ` chipitsine at gmail dot com
2024-03-08 15:39 ` law at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: chipitsine at gmail dot com @ 2024-03-04 13:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
--- Comment #5 from Илья Шипицин <chipitsine at gmail dot com> ---
quick question, is it going to be fixed in 12.4 ?
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug analyzer/108400] [12/13/14 Regression] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
` (6 preceding siblings ...)
2024-03-04 13:02 ` chipitsine at gmail dot com
@ 2024-03-08 15:39 ` law at gcc dot gnu.org
7 siblings, 0 replies; 9+ messages in thread
From: law at gcc dot gnu.org @ 2024-03-08 15:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400
Jeffrey A. Law <law at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |law at gcc dot gnu.org
Priority|P3 |P2
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-03-08 15:39 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-13 18:46 [Bug analyzer/108400] New: false positive: null dereference chipitsine at gmail dot com
2023-01-26 17:23 ` [Bug analyzer/108400] false positive: null dereference (SoftEtherVPN) dmalcolm at gcc dot gnu.org
2023-01-27 23:01 ` [Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c dmalcolm at gcc dot gnu.org
2023-03-09 21:21 ` cvs-commit at gcc dot gnu.org
2024-02-16 14:24 ` [Bug analyzer/108400] [12/13/14 Regression] " dmalcolm at gcc dot gnu.org
2024-03-04 12:59 ` rguenth at gcc dot gnu.org
2024-03-04 13:01 ` chipitsine at gmail dot com
2024-03-04 13:02 ` chipitsine at gmail dot com
2024-03-08 15:39 ` law at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).