Bug 1995092 - false positive static code analyzer report with func calls and ptr manipulation
Summary: false positive static code analyzer report with func calls and ptr manipulation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: gcc
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
Assignee: Dave Malcolm
QA Contact: Václav Kadlčík
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-08-18 12:44 UTC by Karol Herbst
Modified: 2023-07-18 14:25 UTC (History)

Fixed In Version: gcc-11.2.1-9.1.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 15:55:42 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments
c file trigger the report (212 bytes, text/plain), 2021-08-18 12:44 UTC, Karol Herbst
gcc output (2.67 KB, text/plain), 2021-08-18 12:44 UTC, Karol Herbst


Links
GNU Compiler Collection 101962 (priority P3, status ASSIGNED): Analyzer NULL false positive with pointer manipulation (last updated 2021-10-27 15:29:31 UTC)
Red Hat Issue Tracker RHELPLAN-93963 (last updated 2021-08-18 21:42:14 UTC)
Red Hat Product Errata RHBA-2022:3966 (last updated 2022-05-17 15:56:11 UTC)

Description Karol Herbst 2021-08-18 12:44:23 UTC
Created attachment 1815187 [details]
c file trigger the report

Description of problem:
The given C file triggers a report which is technically possible, but irrelevant in practice.
The bug to trigger depends on the func1 function being called twice and the ++ptr manipulation inside it. The analyzer assumes this _could_ overflow to NULL and hit a NULL pointer deref in the final return statement.

Version-Release number of selected component (if applicable):
gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-2)

How reproducible:
always


Steps to Reproduce:
1. gcc -fanalyzer attachment.c

Actual results:
see second attachment

Expected results:
no error
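
A constructed C example of the pattern the description names (a helper that does ++ptr, called twice, with both results dereferenced in the final return statement). This is added here for illustration; it is not the attached reproducer, whose contents are not on this page, and the names func1, sum_first_two and demo and the sample values are assumptions. Compiling it with gcc -fanalyzer -c shows whether a given gcc build still reports the warning on this shape of code.

```c
/* Constructed illustration of the pattern the report describes: a helper that
 * advances a pointer is called twice and the final return dereferences both
 * results.  NOT the attached reproducer (its contents are not on this page);
 * whether any particular gcc build warns on it is not established here. */
#include <stddef.h>

enum { NVALS = 4 };

/* Return the element the cursor points at, then advance the cursor by one. */
static const int *func1(const int **cursor)
{
    const int *cur = *cursor;
    ++*cursor;               /* the ++ptr manipulation inside func1 */
    return cur;
}

/* Read two consecutive elements via func1 and add them.  `ptr` stays a valid
 * pointer into `vals` on every path, so the dereferences in the return
 * statement cannot hit NULL; an analyzer that models ++ptr as possibly
 * wrapping to NULL would nevertheless flag them. */
int sum_first_two(const int vals[NVALS])
{
    const int *ptr = vals;
    const int *a = func1(&ptr);
    const int *b = func1(&ptr);
    return *a + *b;
}

/* Driver with constructed input so the block runs stand-alone. */
int demo(void)
{
    static const int vals[NVALS] = { 3, 4, 5, 6 };
    return sum_first_two(vals);   /* 3 + 4 */
}

int main(void)
{
    return demo() == 7 ? 0 : 1;
}
```

Build with `gcc -fanalyzer -Wall -c example.c`; on a build containing the fix (gcc-11.2.1-9.1.el9 per the comments below, or upstream GCC 12) no -Wanalyzer-null-dereference diagnostic is expected for the return statement.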

Comment 1 Karol Herbst 2021-08-18 12:44:43 UTC
Created attachment 1815188 [details]
gcc output

Comment 4 Dave Malcolm 2021-08-18 16:41:13 UTC
Filed upstream as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101962

Comment 10 Dave Malcolm 2021-08-23 18:29:07 UTC
Fixed upstream on trunk for gcc 12.

Comment 20 Dave Malcolm 2021-12-11 02:58:37 UTC
Fixed upstream on gcc 11 branch.

Comment 21 Marek Polacek 2022-01-04 21:05:27 UTC
Moving DTM -- I think we might have a new rebase by then, which would include the bugfix.

Comment 22 Marek Polacek 2022-01-31 16:38:00 UTC
Build blocked on a problem with aarch64 builders.

Comment 23 Marek Polacek 2022-02-07 16:09:20 UTC
The fix should be in gcc-11.2.1-9.1.el9, need to double check.

Comment 24 Dave Malcolm 2022-02-07 16:47:46 UTC
Upstream status:
  Fixed upstream on trunk (for GCC 12) on 2021-08-23 in r12-3094-ge82e0f149b0aba660896ea9aa12c442c07a16d12
  Fixed upstream on releases/gcc-11 branch on 2021-12-10 in r11-9374-gde0656f98640a57cd9dfdb090264afaa06ba46cc
    This fix is *not* in the upstream gcc 11.2 release (which was tagged on 2021-07-28)
  I don't plan to backport the fix to gcc 10 (too much has changed within the analyzer)

Comment 25 Marek Polacek 2022-02-07 16:51:11 UTC
r11-9374 is in gcc-11.2.1-9.1.el9.

Comment 30 errata-xmlrpc 2022-05-17 15:55:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: gcc), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3966

