public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/111229] New: -fanalyzer confused about conditional operator branch name
@ 2023-08-29 19:08 medhefgo at web dot de
2024-02-15 20:00 ` [Bug analyzer/111229] " dmalcolm at gcc dot gnu.org
0 siblings, 1 reply; 2+ messages in thread
From: medhefgo at web dot de @ 2023-08-29 19:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111229
Bug ID: 111229
Summary: -fanalyzer confused about conditional operator branch
name
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: medhefgo at web dot de
Target Milestone: ---
In the following test case, the analyzer has the conditional operator's
branches confused: It thinks the "true" branch is "false" and vice-versa.
$cat test.c
char test_true() {
char *c, v = 1;
if (v) {
c = (char *)0;
} else {
c = "a";
}
return *c;
}
char test_false() {
char *c, v = 1;
c = v ? (char *)0 : "a";
return *c;
}
$ gcc -o/dev/null -c test.c -fanalyzer
test.c: In function ‘test_true’:
test.c:8:10: warning: dereference of NULL ‘c’ [CWE-476]
[-Wanalyzer-null-dereference]
8 | return *c;
| ^~
‘test_true’: events 1-4
|
| 3 | if (v) {
| | ^
| | |
| | (1) following ‘true’ branch (when ‘v != 0’)...
| 4 | c = (char *)0;
| | ~~~~~~~~~~~~~
| | |
| | (2) ...to here
| | (3) ‘c’ is NULL
|......
| 8 | return *c;
| | ~~
| | |
| | (4) dereference of NULL ‘c’
|
test.c: In function ‘test_false’:
test.c:13:10: warning: dereference of NULL ‘c’ [CWE-476]
[-Wanalyzer-null-dereference]
13 | return *c;
| ^~
‘test_false’: events 1-5
|
| 12 | c = v ? (char *)0 : "a";
| | ~~~~~~~~~~~~~~~~~~^~~~~
| | | |
| | | (1) following ‘false’ branch (when ‘v !=
0’)...
| | | (2) ...to here
| | | (3) ‘0’ is NULL
| | (4) ‘c’ is NULL
| 13 | return *c;
| | ~~
| | |
| | (5) dereference of NULL ‘c’
|
https://godbolt.org/z/hTvn9PMb4
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug analyzer/111229] -fanalyzer confused about conditional operator branch name
2023-08-29 19:08 [Bug analyzer/111229] New: -fanalyzer confused about conditional operator branch name medhefgo at web dot de
@ 2024-02-15 20:00 ` dmalcolm at gcc dot gnu.org
0 siblings, 0 replies; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-02-15 20:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111229
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this.
Probably a duplicate of PR 100116.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-15 20:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-29 19:08 [Bug analyzer/111229] New: -fanalyzer confused about conditional operator branch name medhefgo at web dot de
2024-02-15 20:00 ` [Bug analyzer/111229] " dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).