From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 989B1398B859; Tue, 9 Feb 2021 16:01:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 989B1398B859 From: "antonio.chirizzi at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/99028] New: diagnostic path is too verbose Date: Tue, 09 Feb 2021 16:01:03 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 11.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: antonio.chirizzi at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2021 16:01:03 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D99028 Bug ID: 99028 Summary: diagnostic path is too verbose Product: gcc Version: 11.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: antonio.chirizzi at gmail dot com Target Milestone: --- Created attachment 50151 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D50151&action=3Dedit Tar.gz file which contains the path.c file (from the git source code repo) When analysing a path for a possible null dereference, in the straight forw= ard case, there should be no need to show the verbose description of how it can lead to a null dereference. Take this case where a call to malloc is followed by the usage of the retur= ned pointer: In function =E2=80=98add_to_trie=E2=80=99: path.c:175:28: warning: dereference of possibly-NULL =E2=80=98child=E2=80= =99 [CWE-690] [-Wanalyzer-possible-null-dereference] 175 | child->len =3D root->len - i - 1; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ =E2=80=98add_to_trie=E2=80=99: events 1-8 | | 157 | if (!*key) { | | ^ | | | | | (1) following =E2=80=98false=E2=80=99 branch... |...... | 164 | for (i =3D 0; i < root->len; i++) { | | ~~~~~ ~~~~~~~~~~~~~ | | | | | | | (3) following =E2=80=98true=E2=80=99 bra= nch... | | (2) ...to here | 165 | if (root->contents[i] =3D=3D key[i]) | | ~~~~~~~~~~~~~~~ | | | | | | | (4) ...to here | | (5) following =E2=80=98false=E2=80=99 branc= h... |...... | 172 | child =3D malloc(sizeof(*child)); | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) ...to here | | (7) this call could return NULL |...... | 175 | child->len =3D root->len - i - 1; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) =E2=80=98child=E2=80=99 could b= e NULL: unchecked value from (7) | I am attaching the source code which demonstrates this. Use only "gcc -fanalyzer -c path.c"=