From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id E00883858C31; Tue, 30 Apr 2024 05:23:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E00883858C31 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1714454583; bh=cCBLQR5UnQpNQ8kJynzBmGmhzAUEivYjKrfgJJZBGak=; h=From:To:Subject:Date:From; b=x/rrBg1Le9ZqldK+XQAc6dE3yxvSDjFBprLoI3vDXnTsJC9VOxOXz+XJp+3PEcX/y rj2uu0+dBf09hsHPkegSVgXUP9XZc0vZe6MN8vkMIyAdCTXIeJjrgpQIUYayyr7exC xjahPwlvelRy9BAFM4WlT5u6HopQ+iY2zPhE/dR4= From: "eggert at cs dot ucla.edu" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/114893] New: -Wanalyzer-null-dereference false positive in Emacs select_window Date: Tue, 30 Apr 2024 05:23:03 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: 14.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: eggert at cs dot ucla.edu X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114893 Bug ID: 114893 Summary: -Wanalyzer-null-dereference false positive in Emacs select_window Product: gcc Version: 14.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: eggert at cs dot ucla.edu Target Milestone: --- Created attachment 58074 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58074&action=edit "gunzip t.i; gcc 
-std=gnu23 -O2 -S -fanalyzer t.i" to see false positive

This is gcc (GCC) 14.0.1 20240411 (Red Hat 14.0.1-0) on x86-64. Uncompress the attached program t.i (derived from Emacs src/textconv.c) and compile with:

gcc -std=gnu23 -O2 -S -fanalyzer t.i

The incorrect output is at the end of this bug report. The bug seems to be fragile, in that if I edit the program a bit the false positive goes away.

A curious thing is that GCC complains about dereferencing w in line 94026 in this context:

94023 struct window *w;
94024 w = XWINDOW (window);
94025 if ((w)->mini
94026 && BUFFERP ((w)->contents)
94027 && !EQ (window, Factive_minibuffer_window ()))
94028 ...

even though line 95026 is reachable only via line 94025, which dereferences w but is not diagnosed.

Anyway, here's the incorrect output:

t.i: In function ‘select_window’:
t.i:94026:10: warning: dereference of NULL ‘w’ [CWE-476] [-Wanalyzer-null-dereference]
94026 | && BUFFERP ((w)->contents) | ^~~~~~~~~~~~~~~~~~~~~~~ ‘handle_pending_conversion_events’: events 1-3 | |95150 | handle_pending_conversion_events (void) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘handle_pending_conversion_events’ |...... |95166 | for ((tail) = Vframe_list; (CONSP (tail) && (frame = XCAR (tail), true)); | |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (3) inlined call to ‘XCAR’ from ‘handle_pending_conversion_events’ | | (2) following ‘true’ branch... 
| +--> =E2=80=98XCAR=E2=80=99: event 4 | | 8266 | return XCONS (c)->u.s.car; | | ^ | | | | | (4) inlined call to =E2=80=98XCONS=E2=80=99 fr= om =E2=80=98XCAR=E2=80=99 | +--> =E2=80=98XCONS=E2=80=99: event 5 | | 8244 | return ((struct Lisp_Cons *) ((uintptr_t) XLP = (a) - | | ^~~~~~~~~~~~~~~~= ~~~ | | | | | (5) ...to here | <-------------+ | =E2=80=98handle_pending_conversion_events=E2=80=99: events 6-10 | |95181 | if (w && (last_point !=3D w->ephemeral_last_point)) | | ^ | | | | | (6) following =E2=80=98false=E2=80=99 branch (whe= n =E2=80=98w=E2=80=99 is NULL)... |...... |95199 | action =3D f->conversion.actions; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here |95200 | if (!action) | | ~ | | | | | (8) following =E2=80=98false=E2=80=99 branch (whe= n =E2=80=98action=E2=80=99 is non-NULL)... |95201 | break; |95202 | if (action->operation =3D=3D TEXTCONV_BARRIER | | ~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here |...... |95207 | w =3D handle_pending_conversion_events_1 (f, action); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (10) calling =E2=80=98handle_pending_conversion_= events_1=E2=80=99 from =E2=80=98handle_pending_conversion_events=E2=80=99 | +--> =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 11-16 | |95048 | handle_pending_conversion_events_1 (struct frame *f, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) entry to =E2=80=98handle_pending_conversion_events= _1=E2=80=99 |...... |95062 | if (conversion_disabled_p ()) | | ~ | | | | | (12) following =E2=80=98false=E2=80=99 branch... |95063 | return ((void *) 0); |95064 | context.check =3D false; | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here |...... |95078 | switch (operation) | | ~~~~~~ | | | | | (14) following =E2=80=98case 1:=E2=80=99 branch... |...... |95083 | case TEXTCONV_END_BATCH_EDIT: | | ~~~~ | | | | | (15) ...to here |...... 
|95087 | (WINDOWP (f->old_selected_window) | | ~ | | | | | (16) inlined call to =E2=80=98WINDOWP=E2=80= =99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98WINDOWP=E2=80=99: event 17 | |17514 | return PSEUDOVECTORP (a, PVEC_WINDOW); | | ^ | | | | | (17) inlined call to =E2=80=98PSEUDOVEC= TORP=E2=80=99 from =E2=80=98WINDOWP=E2=80=99 | +--> =E2=80=98PSEUDOVECTORP=E2=80=99: events 18-20 | | 7917 | return (TAGGEDP (a, Lisp_Vectorlike) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7918 | && | | ^~ | | | | | (18) following =E2=80=98true=E2= =80=99 branch... | | (20) following =E2=80=98true=E2= =80=99 branch... | 7919 | ((((union vectorlike_header *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | = | | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (19) ...to here | 7920 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (uintptr_t) ((Lisp_Word_tag) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7921 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~ | 7922 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (((0x7fffffffffffffffL | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~ | 7923 
|=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 >> (3 - 1)) / 2 < | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~ | 7924 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (9223372036854775807L)) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~ | 7925 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ? 0 : VALBITS))))-> | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~ | 7926 | size & (((9223372036854775807= L) - (9223372036854775807L) / 2) | | |=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7927 | PVEC_TYPE_MASK)) =3D= =3D | | ~~~~~~~~~~~~~~~~~~~ | 7928 | (((9223372036854775807L) - | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7929 | (9223372036854775807L) / | | ~~~~~~~~~~~~~~~~~~~~~~~~ | 7930 | 2) | (code << PSEUDOVECTOR_AREA_BITS)))); | |=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <-------------+ | =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 21-22 | |95088 | && BUFFERP ((XWINDOW (f->old_selected_window))->contents))) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (21) ...to here | | (22) inlined call to =E2=80=98BUFFERP=E2= =80=99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98BUFFERP=E2=80=99: event 23 | |18601 | return PSEUDOVECTORP (a, PVEC_BUFFER); 
| | ^ | | | | | (23) inlined call to =E2=80=98PSEUDOVEC= TORP=E2=80=99 from =E2=80=98BUFFERP=E2=80=99 | +--> =E2=80=98PSEUDOVECTORP=E2=80=99: events 24-26 | | 7917 | return (TAGGEDP (a, Lisp_Vectorlike) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7918 | && | | ^~ | | | | | (24) following =E2=80=98true=E2= =80=99 branch... | | (26) following =E2=80=98true=E2= =80=99 branch... | 7919 | ((((union vectorlike_header *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | = | | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (25) ...to here | 7920 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (uintptr_t) ((Lisp_Word_tag) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7921 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~ | 7922 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (((0x7fffffffffffffffL | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~ | 7923 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 >> (3 - 1)) / 2 < | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= 
=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~ | 7924 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (9223372036854775807L)) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~ | 7925 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ? 0 : VALBITS))))-> | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~ | 7926 | size & (((9223372036854775807= L) - (9223372036854775807L) / 2) | | |=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7927 | PVEC_TYPE_MASK)) =3D= =3D | | ~~~~~~~~~~~~~~~~~~~ | 7928 | (((9223372036854775807L) - | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7929 | (9223372036854775807L) / | | ~~~~~~~~~~~~~~~~~~~~~~~~ | 7930 | 2) | (code << PSEUDOVECTOR_AREA_BITS)))); | |=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <-------------+ | =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 27-30 | |95090 | if (f->conversion.batch_edit_flags & PENDING_POINT_CHANGE) | | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~ | | | | | | | (27) ...to here | | (28) following =E2=80=98true=E2=80=99 branch... 
|95091 | { |95092 | locate_and_save_position_in_field (f, w, fals= e); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~= ~~ | | | | | (29) ...to here | | (30) calling =E2=80=98locate_and_save_positio= n_in_field=E2=80=99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98locate_and_save_position_in_field=E2=80=99: events= 31-32 | |94743 | locate_and_save_position_in_field (struct frame = *f, struct window *w, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (31) entry to =E2=80=98locate_and_save_position_= in_field=E2=80=99 |...... |94758 | select_window (window, builtin_lisp_symbol (1)= ); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (32) calling =E2=80=98select_window=E2=80=99 f= rom =E2=80=98locate_and_save_position_in_field=E2=80=99 | +--> =E2=80=98select_window=E2=80=99: events 33-34 | |94021 | select_window (Lisp_Object window, Lisp_Object norecord) | | ^~~~~~~~~~~~~ | | | | | (33) entry to =E2=80=98select_window=E2= =80=99 |...... |94024 | w =3D XWINDOW (window); | | ~ | | | | | (34) inlined call to =E2=80=98XWIND= OW=E2=80=99 from =E2=80=98select_window=E2=80=99 | +--> =E2=80=98XWINDOW=E2=80=99: event 35 | |17526 | return ((struct window *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20 ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (35) =E2=80=98w=E2=80=99= is NULL |17527 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 (uintptr_t) ((Lisp_Word_tag) (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17528 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (((0x7fffffffffffffffL >> (3 - 1)) / | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17529 
|=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 2 < | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~ |17530 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (9223372036854775807L)) ? 0 : | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17531 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 VALBITS)))); | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~ | <------+ | =E2=80=98select_window=E2=80=99: events 36-38 | |94025 | if ((w)->mini | | ^ | | | | | (36) following =E2=80=98true=E2=80= =99 branch... |94026 | && BUFFERP ((w)->contents) | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (37) ...to here | | (38) dereference of NULL =E2=80= =98(struct window *)((long unsigned int)window + 18446744073709551611)=E2=80=99 | t.i: In function =E2=80=98locate_and_save_position_in_field=E2=80=99: t.i:94760:28: warning: dereference of NULL =E2=80=98w=E2=80=99 [CWE-476] [-Wanalyzer-null-dereference] 94760 | make_fixed_natnum (((((w->ephemeral_last_point) > | ~~^~~~~~~~~~~~~~~~~~~~~~~ =E2=80=98handle_pending_conversion_events=E2=80=99: events 1-3 | |95150 | handle_pending_conversion_events (void) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to =E2=80=98handle_pending_conversion_events=E2=80=99 |...... 
|95166 | for ((tail) =3D Vframe_list; (CONSP (tail) && (frame =3D XCAR (tail), true)); | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (3) inl= ined call to =E2=80=98XCAR=E2=80=99 from =E2=80=98handle_pending_conversion_even= ts=E2=80=99 | | (2) following =E2= =80=98true=E2=80=99 branch... | +--> =E2=80=98XCAR=E2=80=99: event 4 | | 8266 | return XCONS (c)->u.s.car; | | ^ | | | | | (4) inlined call to =E2=80=98XCONS=E2=80=99 fr= om =E2=80=98XCAR=E2=80=99 | +--> =E2=80=98XCONS=E2=80=99: event 5 | | 8244 | return ((struct Lisp_Cons *) ((uintptr_t) XLP = (a) - | | ^~~~~~~~~~~~~~~~= ~~~ | | | | | (5) ...to here | <-------------+ | =E2=80=98handle_pending_conversion_events=E2=80=99: events 6-10 | |95181 | if (w && (last_point !=3D w->ephemeral_last_point)) | | ^ | | | | | (6) following =E2=80=98false=E2=80=99 branch (whe= n =E2=80=98w=E2=80=99 is NULL)... |...... |95199 | action =3D f->conversion.actions; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here |95200 | if (!action) | | ~ | | | | | (8) following =E2=80=98false=E2=80=99 branch (whe= n =E2=80=98action=E2=80=99 is non-NULL)... |95201 | break; |95202 | if (action->operation =3D=3D TEXTCONV_BARRIER | | ~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here |...... |95207 | w =3D handle_pending_conversion_events_1 (f, action); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (10) calling =E2=80=98handle_pending_conversion_= events_1=E2=80=99 from =E2=80=98handle_pending_conversion_events=E2=80=99 | +--> =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 11-16 | |95048 | handle_pending_conversion_events_1 (struct frame *f, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) entry to =E2=80=98handle_pending_conversion_events= _1=E2=80=99 |...... |95062 | if (conversion_disabled_p ()) | | ~ | | | | | (12) following =E2=80=98false=E2=80=99 branch... 
|95063 | return ((void *) 0); |95064 | context.check =3D false; | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here |...... |95078 | switch (operation) | | ~~~~~~ | | | | | (14) following =E2=80=98case 1:=E2=80=99 branch... |...... |95083 | case TEXTCONV_END_BATCH_EDIT: | | ~~~~ | | | | | (15) ...to here |...... |95087 | (WINDOWP (f->old_selected_window) | | ~ | | | | | (16) inlined call to =E2=80=98WINDOWP=E2=80= =99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98WINDOWP=E2=80=99: event 17 | |17514 | return PSEUDOVECTORP (a, PVEC_WINDOW); | | ^ | | | | | (17) inlined call to =E2=80=98PSEUDOVEC= TORP=E2=80=99 from =E2=80=98WINDOWP=E2=80=99 | +--> =E2=80=98PSEUDOVECTORP=E2=80=99: events 18-20 | | 7917 | return (TAGGEDP (a, Lisp_Vectorlike) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7918 | && | | ^~ | | | | | (18) following =E2=80=98true=E2= =80=99 branch... | | (20) following =E2=80=98true=E2= =80=99 branch... | 7919 | ((((union vectorlike_header *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | = | | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (19) ...to here | 7920 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (uintptr_t) ((Lisp_Word_tag) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7921 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~ | 7922 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= 
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (((0x7fffffffffffffffL | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~ | 7923 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 >> (3 - 1)) / 2 < | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~ | 7924 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (9223372036854775807L)) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~ | 7925 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ? 
0 : VALBITS))))-> | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~ | 7926 | size & (((9223372036854775807= L) - (9223372036854775807L) / 2) | | |=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7927 | PVEC_TYPE_MASK)) =3D= =3D | | ~~~~~~~~~~~~~~~~~~~ | 7928 | (((9223372036854775807L) - | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7929 | (9223372036854775807L) / | | ~~~~~~~~~~~~~~~~~~~~~~~~ | 7930 | 2) | (code << PSEUDOVECTOR_AREA_BITS)))); | |=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <-------------+ | =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 21-22 | |95088 | && BUFFERP ((XWINDOW (f->old_selected_window))->contents))) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (21) ...to here | | (22) inlined call to =E2=80=98BUFFERP=E2= =80=99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98BUFFERP=E2=80=99: event 23 | |18601 | return PSEUDOVECTORP (a, PVEC_BUFFER); | | ^ | | | | | (23) inlined call to =E2=80=98PSEUDOVEC= TORP=E2=80=99 from =E2=80=98BUFFERP=E2=80=99 | +--> =E2=80=98PSEUDOVECTORP=E2=80=99: events 24-26 | | 7917 | return (TAGGEDP (a, Lisp_Vectorlike) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7918 | && | | ^~ | | | | | (24) following =E2=80=98true=E2= =80=99 branch... | | (26) following =E2=80=98true=E2= =80=99 branch... 
| 7919 | ((((union vectorlike_header *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | = | | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (25) ...to here | 7920 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (uintptr_t) ((Lisp_Word_tag) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7921 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~ | 7922 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (((0x7fffffffffffffffL | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~ | 7923 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 >> (3 - 1)) / 2 < | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~ | 7924 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 (9223372036854775807L)) | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~ 
| 7925 |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ? 0 : VALBITS))))-> | |=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~ | 7926 | size & (((9223372036854775807= L) - (9223372036854775807L) / 2) | | |=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7927 | PVEC_TYPE_MASK)) =3D= =3D | | ~~~~~~~~~~~~~~~~~~~ | 7928 | (((9223372036854775807L) - | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 7929 | (9223372036854775807L) / | | ~~~~~~~~~~~~~~~~~~~~~~~~ | 7930 | 2) | (code << PSEUDOVECTOR_AREA_BITS)))); | |=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | <-------------+ | =E2=80=98handle_pending_conversion_events_1=E2=80=99: events 27-30 | |95090 | if (f->conversion.batch_edit_flags & PENDING_POINT_CHANGE) | | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~ | | | | | | | (27) ...to here | | (28) following =E2=80=98true=E2=80=99 branch... |95091 | { |95092 | locate_and_save_position_in_field (f, w, fals= e); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~= ~~ | | | | | (29) ...to here | | (30) calling =E2=80=98locate_and_save_positio= n_in_field=E2=80=99 from =E2=80=98handle_pending_conversion_events_1=E2=80=99 | +--> =E2=80=98locate_and_save_position_in_field=E2=80=99: events= 31-32 | |94743 | locate_and_save_position_in_field (struct frame = *f, struct window *w, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (31) entry to =E2=80=98locate_and_save_position_= in_field=E2=80=99 |...... 
|94758 | select_window (window, builtin_lisp_symbol (1)= ); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (32) calling =E2=80=98select_window=E2=80=99 f= rom =E2=80=98locate_and_save_position_in_field=E2=80=99 | +--> =E2=80=98select_window=E2=80=99: events 33-34 | |94021 | select_window (Lisp_Object window, Lisp_Object norecord) | | ^~~~~~~~~~~~~ | | | | | (33) entry to =E2=80=98select_window=E2= =80=99 |...... |94024 | w =3D XWINDOW (window); | | ~ | | | | | (34) inlined call to =E2=80=98XWIND= OW=E2=80=99 from =E2=80=98select_window=E2=80=99 | +--> =E2=80=98XWINDOW=E2=80=99: event 35 | |17526 | return ((struct window *) ((uintptr_t) XLP (a) - | |=20=20=20=20=20=20=20=20=20 ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (35) =E2=80=98w=E2=80=99= is NULL |17527 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 (uintptr_t) ((Lisp_Word_tag) (Lisp_Vectorlike) << | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17528 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (((0x7fffffffffffffffL >> (3 - 1)) / | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17529 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 2 < | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~ |17530 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 (9223372036854775807L)) ? 
0 : | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |17531 |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 VALBITS)))); | |=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20 ~~~~~~~~~~~ | <------+ | =E2=80=98select_window=E2=80=99: event 36 | |94025 | if ((w)->mini | | ^ | | | | | (36) following =E2=80=98false=E2=80= =99 branch... | =E2=80=98select_window=E2=80=99: event 37 | |cc1: | (37): ...to here | <------+ | =E2=80=98locate_and_save_position_in_field=E2=80=99: events= 38-39 | |94758 | select_window (window, builtin_lisp_symbol (1)= ); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (38) returning to =E2=80=98locate_and_save_position_in_field=E2=80=99 from =E2=80=98select_wi= ndow=E2=80=99 |94759 | ((pos) =3D |94760 | make_fixed_natnum (((((w->ephemeral_last_poin= t) > | | ~~~~~~~~~~~~~~~~~~~~~~~= ~~ | | | | | (39) dereference of N= ULL =E2=80=98w=E2=80=99 |=