From: "jg at jguk dot org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109266] New: Wanalyzer-null-dereference does not warn when struct is at null
Date: Thu, 23 Mar 2023 22:17:25 +0000
List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109266

            Bug ID: 109266
           Summary: Wanalyzer-null-dereference does not warn when struct is at null
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: jg at jguk dot org
  Target Milestone: ---

Couldn't find an existing report for this.

Hope the very useful Analyzer can be enhanced to handle nullptr for structs.
Which means that when reading members of the struct they might be at 0x4 etc., not directly 0x0.

The Analyzer does detect if the first 'int' in this struct at address nullptr is read. If the code reads the bytes after it in the struct, it doesn't identify that the 0x4 address is also inaccessible.

The only way to ensure you get a warning is to copy the struct to a local variable (before reading those bytes at offset 0x4 from the copy).

Try it live: https://godbolt.org/z/9a611jvfM

-fanalyzer -Wall -O2

    typedef struct a
    {
        int b;        // offset 0: the analyzer warns when this is read via nullptr
        char c[3];    // offset 4: no warning when accessed via nullptr
    } a_t;

    void f(a_t * s)
    {
        //s->b = 0;
        s->c[0] = 'b';
    }

    int main()
    {
        a_t * s = nullptr;
        f(s);
    }
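The three access patterns the report describes (a store at offset 0, a store at offset 4, and the copy-to-local workaround), placed side by side with an explicit NULL guard, as an added example that is not the reporter's code and not part of GCC. The file name in the compile command and the assumption that int is 4 bytes (so that c sits at 0x4) are mine; the functions and the driver that feeds a known-NULL pointer into each variant exist only to give -fanalyzer a path to compare.

```c
/* Added example, not code from the bug report: the three access patterns the
 * report describes (store at offset 0, store at offset 4, copy-to-local
 * workaround) side by side with an explicit NULL guard. Member offsets are
 * assumed to follow the usual ABI where int is 4 bytes. Compile with
 *   gcc -fanalyzer -Wall -O2 -c analyzer_offsets.c
 * (file name assumed) to compare which functions draw a null-dereference
 * warning; the guarded function is what production code needs either way. */
#include <stddef.h>

typedef struct a {
    int  b;     /* member at offset 0 */
    char c[3];  /* member at offset sizeof(int), i.e. 0x4 on common ABIs */
} a_t;

/* Store at offset 0: the report says -fanalyzer flags this on a NULL s. */
void write_offset0(a_t *s) { s->b = 0; }

/* Store at offset 4: the report says this passes without a warning. */
void write_offset4(a_t *s) { s->c[0] = 'b'; }

/* Reporter's workaround: copying the whole struct first makes the analyzer
 * see a read of *s, which it does flag. */
char read_via_copy(a_t *s) { a_t local = *s; return local.c[0]; }

/* Guarded version: an offset-4 access through NULL is still a NULL
 * dereference, so reject the pointer explicitly instead of relying on a
 * static-analysis warning. Returns 0 on success, -1 if s is NULL. */
int write_offset4_checked(a_t *s, char v) {
    if (s == NULL) return -1;
    s->c[0] = v;
    return 0;
}

/* Offset of the member the report calls 0x4, so the claim can be checked
 * on the build host rather than assumed. */
size_t c_offset(void) { return offsetof(a_t, c); }

/* Helper for a run-time check: write through a valid object and confirm the
 * byte landed in c[0] without touching b. Returns 1 on success, 0 otherwise. */
int check_write(char v) {
    a_t obj = {0, {0, 0, 0}};
    if (write_offset4_checked(&obj, v) != 0) return 0;
    return obj.c[0] == v && obj.b == 0;
}

/* Analyzer-only driver, deliberately never called at run time: each call
 * would dereference NULL. It exists so the analyzer has a path where a
 * known-NULL pointer flows into each function above (assumption: the
 * analyzer treats this function as an entry point, as it does for others). */
void analyzer_repro(void) {
    a_t *s = NULL;
    write_offset0(s);   /* report: warning */
    write_offset4(s);   /* report: no warning */
    read_via_copy(s);   /* report: warning on the copy */
}

int main(void) {
    a_t *s = NULL;
    /* The guarded call is the only one safe to execute with a NULL pointer. */
    return (write_offset4_checked(s, 'b') == -1 && check_write('b')) ? 0 : 1;
}
```

Running the binary only exercises the guarded path; the unguarded functions are there for the analyzer pass, and the point for production code is that a store at s->c[0] with s == NULL is a null dereference whether or not any tool reports it, so the explicit check belongs in the code, not in the warning output.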