Bug 1995092

Summary: false positive static code analyzer report with func calls and ptr manipulation
Product: Red Hat Enterprise Linux 9
Reporter: Karol Herbst <kherbst>
Component: gcc
Assignee: Dave Malcolm <dmalcolm>
gcc sub component: system-version
QA Contact: Václav Kadlčík <vkadlcik>
Status: CLOSED ERRATA
Docs Contact:
Severity: unspecified
Priority: unspecified
CC: ahajkova, dmalcolm, fweimer, jakub, kdudka, mpolacek, ohudlick, ovasik, vkadlcik
Version: unspecified
Keywords: Bugfix, Triaged
Target Milestone: beta
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: gcc-11.2.1-9.1.el9
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-05-17 15:55:42 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments:
- c file trigger the report (flags: none)
- gcc output (flags: none)

Description Karol Herbst 2021-08-18 12:44:23 UTC
Created attachment 1815187
c file trigger the report

Description of problem:
The given C file triggers a report which is technically possible, but irrelevant in practice.
The bug to trigger depends on the func1 function being called twice and the ++ptr manipulation inside. The analyzer assumes this _could_ overflow to NULL and hit a NULL pointer deref in the final return statement.

Version-Release number of selected component (if applicable):
gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-2)

How reproducible:
always

Steps to Reproduce:
1. gcc -fanalyzer attachment.c

Actual results:
see second attachment

Expected results:
no error
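A constructed C file of the shape the description gives (a func1 that advances its pointer argument, called twice, with the result dereferenced in the final return). It is an added illustration, not the reporter's attachment, and the caller name and sample buffer are assumed:

```c
#include <stddef.h>

/* Helper containing the ++ptr manipulation the report refers to. */
static const int *func1(const int *ptr)
{
    return ++ptr;
}

/* Calls func1 twice and dereferences the result in the return statement.
 * The report says the analyzer treated the incremented pointer as possibly
 * NULL and warned about this dereference; for any real caller the pointer
 * stays inside the buffer it was given. */
int element_two_steps_in(const int *buf)
{
    const int *p = func1(buf);   /* buf + 1 */
    p = func1(p);                /* buf + 2 */
    return *p;
}

/* Constructed sample input (not from the report). Compile this file with
 * `gcc -fanalyzer` to run the analyzer over it, as in the reproduction step. */
int demo(void)
{
    static const int buf[3] = {10, 20, 30};
    return element_two_steps_in(buf);   /* 30 */
}
```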

Comment 1 Karol Herbst 2021-08-18 12:44:43 UTC
Created attachment 1815188
gcc output

Comment 4 Dave Malcolm 2021-08-18 16:41:13 UTC
Filed upstream as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101962

Comment 10 Dave Malcolm 2021-08-23 18:29:07 UTC
Fixed upstream on trunk for gcc 12.

Comment 20 Dave Malcolm 2021-12-11 02:58:37 UTC
Fixed upstream on gcc 11 branch.

Comment 21 Marek Polacek 2022-01-04 21:05:27 UTC
Moving DTM -- I think we might have a new rebase by then, which would include the bugfix.

Comment 22 Marek Polacek 2022-01-31 16:38:00 UTC
Build blocked on a problem with aarch64 builders.

Comment 23 Marek Polacek 2022-02-07 16:09:20 UTC
The fix should be in gcc-11.2.1-9.1.el9, need to double check.

Comment 24 Dave Malcolm 2022-02-07 16:47:46 UTC
Upstream status:
  Fixed upstream on trunk (for GCC 12) on 2021-08-23 in r12-3094-ge82e0f149b0aba660896ea9aa12c442c07a16d12
  Fixed upstream on releases/gcc-11 branch on 2021-12-10 in r11-9374-gde0656f98640a57cd9dfdb090264afaa06ba46cc
    This fix is *not* in the upstream gcc 11.2 release (which was tagged on 2021-07-28)
  I don't plan to backport the fix to gcc 10 (too much has changed within the analyzer)

Comment 25 Marek Polacek 2022-02-07 16:51:11 UTC
r11-9374 is in gcc-11.2.1-9.1.el9.

Comment 30 errata-xmlrpc 2022-05-17 15:55:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: gcc), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3966