public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/113606] New: -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE
@ 2024-01-25 22:44 dmalcolm at gcc dot gnu.org
2024-02-15 14:34 ` [Bug analyzer/113606] [14 Regression] " dmalcolm at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2024-01-25 22:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606
Bug ID: 113606
Summary: -Wanalyzer-infinite-recursion false positive on code
involving strstr, memset, strnlen and
-D_FORTIFY_SOURCE
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Taking the following from this downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=2260398
Create str.c:
```
#define _POSIX_C_SOURCE 200809L

#include <stddef.h>
#include <stdio.h>
#include <string.h>

static char*
strredact(char *str, const char *sub, const char c)
{
  char *p;
  if (!str) return NULL;
  if (!sub) return str;
  p = strstr(str, sub);
  if (!c || !p) return str;
  (void)memset(p, c, strnlen(sub, strlen(str)));
  return strredact(str, sub, c);
}

int
main (void)
{
  char string[] = "This_is_a_string.";
  return printf("%s\n", strredact(string, "_", ' '));
}
```
Actual Results (with trunk aka gcc 14):
```
$ gcc -fanalyzer -Werror -O str.c
$ gcc -fanalyzer -Werror -O -D_FORTIFY_SOURCE=2 str.c
str.c: In function ‘strredact’:
str.c:16:10: error: infinite recursion [CWE-674] [-Werror=analyzer-infinite-recursion]
16 | return strredact(str, sub, c);
| ^~~~~~~~~~~~~~~~~~~~~~
‘strredact’: events 1-9
|
| 8 | strredact(char *str, const char *sub, const char c)
| | ^~~~~~~~~
| | |
| | (1) entry to ‘strredact’
|......
| 11 | if (!str) return NULL;
| | ~
| | |
| | (2) following ‘false’ branch (when ‘str’ is non-NULL)...
| 12 | if (!sub) return str;
| | ~
| | |
| | (3) ...to here
| | (4) following ‘false’ branch (when ‘sub’ is non-NULL)...
| 13 | p = strstr(str, sub);
| | ~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| | (6) when ‘strstr’ returns non-NULL
| 14 | if (!c || !p) return str;
| | ~
| | |
| | (7) following ‘false’ branch...
| 15 | (void)memset(p, c, strnlen(sub, strlen(str)));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
| 16 | return strredact(str, sub, c);
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (9) calling ‘strredact’ from ‘strredact’
|
+--> ‘strredact’: events 10-18
|
| 8 | strredact(char *str, const char *sub, const char c)
| | ^~~~~~~~~
| | |
| | (10) initial entry to ‘strredact’
|......
| 11 | if (!str) return NULL;
| | ~
| | |
| | (11) following ‘false’ branch (when ‘str’ is non-NULL)...
| 12 | if (!sub) return str;
| | ~
| | |
| | (12) ...to here
| | (13) following ‘false’ branch (when ‘sub’ is non-NULL)...
| 13 | p = strstr(str, sub);
| | ~~~~~~~~~~~~~~~~
| | |
| | (14) ...to here
| | (15) when ‘strstr’ returns non-NULL
| 14 | if (!c || !p) return str;
| | ~
| | |
| | (16) following ‘false’ branch...
| 15 | (void)memset(p, c, strnlen(sub, strlen(str)));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (17) ...to here
| 16 | return strredact(str, sub, c);
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) calling ‘strredact’ from ‘strredact’
|
+--> ‘strredact’: events 19-20
|
| 8 | strredact(char *str, const char *sub, const char c)
| | ^~~~~~~~~
| | |
| | (19) recursive entry to ‘strredact’; previously entered at (10)
| | (20) apparently infinite recursion
|
cc1: all warnings being treated as errors
```
Expected Results:
```
$ gcc -fanalyzer -Werror -O str.c
$ gcc -fanalyzer -Werror -O -D_FORTIFY_SOURCE=2 str.c
```
(no output)
Affects trunk.
Doesn't affect gcc 13.2
Reproduced on Godbolt, see https://godbolt.org/z/ebsq7WhxG
https://godbolt.org/z/Tn7oe1EbG - a slightly more minimized example
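An iterative counterpart to the reproducer's `strredact`, added here as an illustration; it is not part of the bug report and is not the GCC fix. It contains no recursive call and resumes each search just past the previous match, so it terminates for every input, and for a `sub` that does not contain `c` it yields the same string as the recursive form. The name `strredact_iter` is an assumption of this example.

```c
#define _POSIX_C_SOURCE 200809L

#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical iterative form of the report's strredact(): overwrite every
   occurrence of `sub` in `str` with the byte `c`.  Returns `str`
   (NULL when `str` is NULL), matching the original's return contract. */
static char *
strredact_iter(char *str, const char *sub, const char c)
{
  size_t sublen;
  char *p;

  if (!str) return NULL;
  if (!sub || !c) return str;

  sublen = strlen(sub);
  if (sublen == 0) return str;  /* empty needle: nothing to overwrite */

  /* Each iteration advances `p` by `sublen`, so the loop makes progress
     regardless of what memset() wrote, even if `sub` contains `c`. */
  for (p = str; (p = strstr(p, sub)) != NULL; p += sublen)
    (void)memset(p, c, sublen);

  return str;
}

int
main (void)
{
  char string[] = "This_is_a_string.";  /* same input as the reproducer */
  return printf("%s\n", strredact_iter(string, "_", ' ')) < 0;
}
```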
* [Bug analyzer/113606] [14 Regression] -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE
From: dmalcolm at gcc dot gnu.org @ 2024-02-15 14:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Summary|-Wanalyzer-infinite-recursi |[14 Regression]
|on false positive on code |-Wanalyzer-infinite-recursi
|involving strstr, memset, |on false positive on code
|strnlen and |involving strstr, memset,
|-D_FORTIFY_SOURCE |strnlen and
| |-D_FORTIFY_SOURCE
Status|UNCONFIRMED |NEW
Last reconfirmed| |2024-02-15
* [Bug analyzer/113606] [14 Regression] -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE
From: rguenth at gcc dot gnu.org @ 2024-03-04 13:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |14.0
* [Bug analyzer/113606] [14 Regression] -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE
From: law at gcc dot gnu.org @ 2024-03-07 20:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606
Jeffrey A. Law <law at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
CC| |law at gcc dot gnu.org
* [Bug analyzer/113606] [14/15 Regression] -Wanalyzer-infinite-recursion false positive on code involving strstr, memset, strnlen and -D_FORTIFY_SOURCE
From: rguenth at gcc dot gnu.org @ 2024-05-07 7:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113606
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|14.0 |14.2
--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
GCC 14.1 is being released, retargeting bugs to GCC 14.2.