Geoffrey1014 / SA_Bugs

record bugs of static analyzers

GCC -Wanalyzer-null-dereference false negative with `*arr[0] = 10086` #67

Open ghost opened 1 year ago

ghost commented 1 year ago
void foo(int pc) {
    int *arr[2] = {&&x, &&y};   /* GCC labels-as-values extension: addresses of x: and y: */
    int var = 0;
    goto *arr[pc];              /* computed goto: pc == 0 jumps to x:, pc == 1 to y: */

x:
    arr[0] = (void *)0;         /* arr[0] now holds a null pointer */
    *arr[0] = 10086;            /* null pointer dereference the analyzer fails to report */
    return;
y:
    return;
}

int main() { foo(0); }

report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110529 fixed: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1b761fede44afac5fa72e77caced9beda93fb381

ghost commented 1 year ago

In this case, the analyzer with -O0, -O1, -O2 and -O3 doesn't report an NPD about `*arr[0] = 10086`.

See it live: https://godbolt.org/z/1E9e5oKdE.
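For contrast with the reproducer, here is a hardened counterpart of `foo()` as an added example (not code from the report or from GCC): it keeps the same label-address dispatch but refuses the store when the pointer is null and bounds `pc` before the computed goto. The names `foo_checked`, `foo_result` and the `target` parameter are chosen for this example only.

```c
#include <stddef.h>

/* Hardened version of the reporter's foo(): same computed-goto dispatch
   (GCC labels-as-values extension), but the pointer written through on the
   x: path is checked first. Returns 1 when the store happened, 0 when a null
   pointer was refused, -1 when pc selects y: (which never stores) or is out
   of range for arr. */
int foo_checked(int pc, int *target)
{
    void *arr[2] = {&&x, &&y};  /* label addresses, as in the report */
    int *dst;

    if (pc < 0 || pc > 1)
        return -1;              /* keep the index inside arr before jumping */
    goto *arr[pc];

x:
    dst = target;               /* the report stores (void *)0 here; a caller may pass NULL too */
    if (dst == NULL)
        return 0;               /* the check whose absence -fanalyzer should report */
    *dst = 10086;
    return 1;
y:
    return -1;
}

/* Convenience wrapper: returns the stored value (10086) when the store
   happens, otherwise the status code from foo_checked(). use_null != 0
   simulates the null pointer from the original reproducer. */
int foo_result(int pc, int use_null)
{
    int slot = 0;
    int rc = foo_checked(pc, use_null ? NULL : &slot);
    return rc == 1 ? slot : rc;
}
```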

ghost commented 1 year ago

CSA not FN: https://godbolt.org/z/8aqxGEorY