Geoffrey1014 SA_Bugs issues

Geoffrey1014 / SA_Bugs

record bugs of static analyzers

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[clang static analyzer] false negative related to alpha.security.ArrayBoundV2

#77 0x21af opened 8 months ago
0
solver doesn't realize that `z > x && z < y` is unsat with the fact `x == y`

#76 0x21af opened 8 months ago
0
pinpoint-fn-1

#75 Geoffrey1014 opened 9 months ago
0
pinpoint-fp-3

#74 Geoffrey1014 opened 9 months ago
0
pinpoint-fp-2

#73 Geoffrey1014 opened 9 months ago
0
pinpoint-fp-1

#72 Geoffrey1014 opened 9 months ago
0
-Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above

#71 ghost opened 9 months ago
1
-Wanalyzer-out-of-bounds false negative with `return l_1322[9];` at -O1 and above

#70 ghost opened 9 months ago
1
-Wanalyzer-null-dereference false nagetive with `*ptr = 10086`

#69 ghost opened 1 year ago
2
GCC --Wanalyzer-null-dereference false nagetive with `*p = i`

#68 ghost opened 1 year ago
2
GCC --Wanalyzer-null-dereference false nagetive with `*arr[0] = 10086`

#67 ghost opened 1 year ago
2
[clang static analyzer] core.NullDereference false positive with `*p`

#66 ghost opened 1 year ago
1
GCC -Wanalyzer-out-of-bounds False negative

#65 Geoffrey1014 opened 1 year ago
1
GSA evaluates __analyzer_eval(((a())<(0))||((a())==(0))); to be TRUE, but function a() is a unknown function

#64 Geoffrey1014 opened 1 year ago
2
CSA does not know "b > 0" under the if condition that "a>0 && b > a"

#63 Geoffrey1014 opened 1 year ago
2
[clang static analyzer] core.NullDereference false negative with `*e = *c`

#62 ghost opened 1 year ago
2
GCC --Wanalyzer-null-dereference false negative with `*c = 0`

#61 ghost opened 1 year ago
3
GSA evaluates `a > b` to be TRUE but evaluates `b < a` to be UNKNOWN

#60 Geoffrey1014 opened 1 year ago
2
GSA evaluates `e == d + 1` to be UNKNOWN with the fact that `e == d`

#59 0-0x41 opened 1 year ago
3
[clang static analyzer] core.NullDereference false positive with `*(int *)0`

#58 0-0x41 closed 1 year ago
2
GSA does not make the assumption that a pointer `p` to a variable `a`is not NULL

#57 Geoffrey1014 closed 1 year ago
1
GCC Static Analyzer does not kown `c || b.d` is false with the fact that `c=0` and `b.d=0`

#56 0-0x41 opened 1 year ago
2
GSA evaluates `__analyzer_eval((((c) + 1) == ((&b[0]) + 1)))` to be FLASE with the fact `c == &b[0]`

#55 0-0x41 opened 1 year ago
1
GCC --Wdiv-by-zero false negative with `0 <= (f = 0) % e.b`

#54 0-0x41 closed 1 year ago
2
GCC Static Analyzer evaluates `(!(e || d.b) == true)` to be TRUE with the fact that `(e || d.b) == true`

#53 0-0x41 closed 1 year ago
3
GCC --Wanalyzer-null-dereference false negative with `*p = 42`

#52 0-0x41 closed 1 year ago
2
GCC --Wdiv-by-zero false negative with `(d.b = 1) / f`

#51 0-0x41 opened 1 year ago
3
GCC --Wanalyzer-null-dereference false negative with `*(int *)0`

#50 0-0x41 closed 1 year ago
1
[clang static analyzer] `clang_analyzer_eval` result error for `((c ^= b || b) == b)`

#49 0-0x41 closed 1 year ago
1
[clang static analyzer] `clang_analyzer_eval` affects the analyzer's result

#48 0-0x41 closed 1 year ago
1
Unrelated code has effect on the analysis result of GCC Static Analyzer

#47 0-0x41 closed 1 year ago
1
[clang static analyzer] `clang_analyzer_eval` affects the analyzer's result

#46 0-0x41 closed 1 year ago
1
[clang static analyzer] `clang_analyzer_eval` result error for `((&b) + 1) < ((&b) + 2)`

#45 0-0x41 closed 1 year ago
2
[clang static analyzer] core.NullDereference false positive with `*p = 42`

#44 0-0x41 closed 1 year ago
3
[clang static analyzer] core.NullDereference false positive with `*r = 42`

#43 0-0x41 opened 1 year ago
2
CSA does not report the out-of-bounds warning for `*c--` with the fact that `c` is a pointer to an int variable

#42 Geoffrey1014 closed 1 year ago
2
GSA evaluates `((0)+1)==((b[0][0][1])+1)` to be FALSE with the fact that `0 == b[0][0][1]`

#41 Geoffrey1014 closed 1 year ago
3
CSA evaluates `((b)+1)==((0)+1)` to be FALSE with the fact that `b == 0`

#40 Geoffrey1014 closed 1 year ago
2
CSA evaluates `(255UL == b) == true` to be FALSE with the fact that `255UL == b`

#39 Geoffrey1014 opened 1 year ago
2
CSA evaluates `((0)+1)==((a)+1)` to be FALSE with the fact that variable `a` is a pointer and is NULL

#38 Geoffrey1014 closed 1 year ago
2
GCC Static Analyzer evaluates `(((a())>=(0))&&((a())!=(0)))==false` to be FALSE with the fact `a() <= 0` and `a()` return int

#37 Geoffrey1014 closed 1 year ago
2
CSA evaluates `clang_analyzer_eval(((a())<(0))||((a())==(0)));` to be TRUE, but function `a()` is a unknown function.

#36 Geoffrey1014 opened 1 year ago
5
CSA evaluates `((b)+0)<((b)+1)` to be FALSE with the facts that variable `b` is a pointer and is NULL

#35 Geoffrey1014 closed 1 year ago
2
GCC --Wanalyzer-null-dereference false negative with `*q == 0`

#34 0-0x41 opened 1 year ago
5
CSA makes a unreasonable assumption that `a() <= 0` is true

#33 Geoffrey1014 opened 1 year ago
3
CSA evaluates `( ((b)-0) <= ((c)-0) ) ` to be FALSE with the fact `c >= b`

#32 Geoffrey1014 opened 1 year ago
5
GCC Static Analyzer evaluates `( ((c)<=(b)) && ((c)!=(b)) ) == false` to be FALSE with the fact `c >= b`

#31 Geoffrey1014 opened 1 year ago
2
CSA dose not realize that `( ((void *)0) + 0 ) < ( ((void *)0) + 1 )` is true

#30 Geoffrey1014 opened 1 year ago
4
GCC --Wanalyzer-null-dereference false positive with `*f = 42`

#29 0-0x41 opened 1 year ago
5
GCC Static Analyzer -- evaluates `__analyzer_eval((!(((0 != b[0]) == p_9) && p_9))==false)` to be FALSE in the true branch of `if ((((0 != b[0]) == p_9) && p_9))`

#28 Geoffrey1014 opened 1 year ago
2