public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop
@ 2023-05-13 23:15 nvinson234+gcc-bugs at gmail dot com
  2024-02-16 19:39 ` [Bug analyzer/109851] [13/14 Regression] " dmalcolm at gcc dot gnu.org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: nvinson234+gcc-bugs at gmail dot com @ 2023-05-13 23:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851

            Bug ID: 109851
           Summary: False positive va_arg when iterating through format
                    string with for-loop
           Product: gcc
           Version: 13.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: nvinson234+gcc-bugs at gmail dot com
  Target Milestone: ---

Created attachment 55081
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55081&action=edit
analzyer warning output

When compiling the following code:

  #include<stdio.h>
  #include<stdarg.h>
  #include<string.h>

  void foo(char *fmt, ...) {
      int i = 0;
      char c;
      va_list ap;
      va_start(ap, fmt);

      for (i = 0; (c = fmt[i]) != 0; i++) {
          c = fmt[i];
          if (c == '%') {
              printf("Saw %%");
          }
          if (c == 'd') {
              i = va_arg(ap, int);
          }
      }
      va_end(ap);
  }

  int main(int argc, char **argv) {
      foo("%s.lt", argv[0]);
      return 0;
  }


with the command: gcc -O2 -fanalyzer test.c

The analyzer gives the warning:
    test.c:17:15: warning: ‘va_arg’ expected ‘int’ but received ‘char *’ for
variadic argument 1 of ‘ap’

However, the condition "c == 'd'" is never true and va_arg() is never called.

This is a reduced case based on the lemon_vsnprintf() code found in
sqlite-3.41.2'a tool/lemon.c.

Full warning output attached.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug analyzer/109851] [13/14 Regression] False positive va_arg when iterating through format string with for-loop
  2023-05-13 23:15 [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop nvinson234+gcc-bugs at gmail dot com
@ 2024-02-16 19:39 ` dmalcolm at gcc dot gnu.org
  2024-03-04 13:00 ` rguenth at gcc dot gnu.org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-02-16 19:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|False positive va_arg when  |[13/14 Regression] False
                   |iterating through format    |positive va_arg when
                   |string with for-loop        |iterating through format
                   |                            |string with for-loop
   Last reconfirmed|                            |2024-02-16
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug report.

The analyzer isn't looking at the content of the string literal and assumes
that any character is possible.  In particular, it isn't attempting to
correlate between the ordering of matches in the string and the ordering of the
variadic arguments.

Still affects trunk and gcc 13:
  Trunk: https://godbolt.org/z/bMP7sq3ea
  GCC 13.2: https://godbolt.org/z/e7eE8Eo4d

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug analyzer/109851] [13/14 Regression] False positive va_arg when iterating through format string with for-loop
  2023-05-13 23:15 [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop nvinson234+gcc-bugs at gmail dot com
  2024-02-16 19:39 ` [Bug analyzer/109851] [13/14 Regression] " dmalcolm at gcc dot gnu.org
@ 2024-03-04 13:00 ` rguenth at gcc dot gnu.org
  2024-03-08 15:36 ` law at gcc dot gnu.org
  2024-05-21  9:15 ` [Bug analyzer/109851] [13/14/15 " jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: rguenth at gcc dot gnu.org @ 2024-03-04 13:00 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.3

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug analyzer/109851] [13/14 Regression] False positive va_arg when iterating through format string with for-loop
  2023-05-13 23:15 [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop nvinson234+gcc-bugs at gmail dot com
  2024-02-16 19:39 ` [Bug analyzer/109851] [13/14 Regression] " dmalcolm at gcc dot gnu.org
  2024-03-04 13:00 ` rguenth at gcc dot gnu.org
@ 2024-03-08 15:36 ` law at gcc dot gnu.org
  2024-05-21  9:15 ` [Bug analyzer/109851] [13/14/15 " jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: law at gcc dot gnu.org @ 2024-03-08 15:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851

Jeffrey A. Law <law at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at gcc dot gnu.org
           Priority|P3                          |P2

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug analyzer/109851] [13/14/15 Regression] False positive va_arg when iterating through format string with for-loop
  2023-05-13 23:15 [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop nvinson234+gcc-bugs at gmail dot com
                   ` (2 preceding siblings ...)
  2024-03-08 15:36 ` law at gcc dot gnu.org
@ 2024-05-21  9:15 ` jakub at gcc dot gnu.org
  3 siblings, 0 replies; 5+ messages in thread
From: jakub at gcc dot gnu.org @ 2024-05-21  9:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|13.3                        |13.4

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
GCC 13.3 is being released, retargeting bugs to GCC 13.4.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-05-21  9:15 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-13 23:15 [Bug analyzer/109851] New: False positive va_arg when iterating through format string with for-loop nvinson234+gcc-bugs at gmail dot com
2024-02-16 19:39 ` [Bug analyzer/109851] [13/14 Regression] " dmalcolm at gcc dot gnu.org
2024-03-04 13:00 ` rguenth at gcc dot gnu.org
2024-03-08 15:36 ` law at gcc dot gnu.org
2024-05-21  9:15 ` [Bug analyzer/109851] [13/14/15 " jakub at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).