[Bug analyzer/109783] New: missing warning (due to a wrong suppression) when va_end is not in the same function

[Bug analyzer/109783] New: missing warning (due to a wrong suppression) when va_end is not in the same function

[arsen at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109783

            Bug ID: 109783
           Summary: missing warning (due to a wrong suppression) when
                    va_end is not in the same function
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: arsen at gcc dot gnu.org
  Target Milestone: ---

in the following code (with -fanalyzer -O3 -Wall -Wextra):

  #include <stdarg.h>

  [[gnu::noinline]]
  void
  f (va_list x)
  {
    va_end (x);
  }

  void
  F (int x, ...)
  {
    va_list ap;
    va_start (ap, x);
    f (ap);
  }

the usage of va_end inside f () is not sufficient to make the va_list usage
correct, because "Each invocation of the va_start and va_copy macros shall be
matched by a corresponding invocation of the va_end macro in the same
function." (C17 7.16.1.p1), but it successfully suppresses -fanalyzer. 
removing the va_end correctly warns.

IMO, this should produce two distinct diagnostics:
1) unterminated (in the same function) va_list, for F, and
2) terminating a va_list in the wrong function, for f

presumably, the non-analyzer diagnostics have the same problem, but I spotted
this when someone proposed adding va_end in the wrong function to suppress a
-fanalyzer warning, so I'm filing that