Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GCC -Wanalyzer-null-dereference false negative with `*(int *)0` #50

Closed 0-0x41 closed 1 year ago

0-0x41 commented 1 year ago

date: 2023-1-17
commit: 8c8ca873216387bc26046615c806b96f0345ff9d
args: -O0 -fanalyzer
test:

void __analyzer_eval();

void f(int b)
{
    if (b++ && b)
    {
        __analyzer_eval(b++ && b);
        *(int *)0;
    }
}

report:
fix:
original:

0-0x41 commented 1 year ago

In this case, `__analyzer_eval(b++ && b)` has output, indicating that the if branch is reachable, yet the analyzer does not produce an NPD warning for `*(int *)0`. See it live: https://godbolt.org/z/e3csn8dhE