Geoffrey1014 / SA_Bugs

record bugs of static analyzers

-Wanalyzer-null-dereference false negative with `*ptr = 10086` #69

Open ghost opened 1 year ago

ghost commented 1 year ago
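
```c
/* GCC analyzer test hook: reports how the analyzer evaluates the expression. */
extern void __analyzer_eval();

int main(void) {
    char buf[] = "0";
    /* strlen("0") is 1, so ptr is (int *)0, i.e. a null pointer. */
    int *ptr = (int *)(__builtin_strlen(buf) - 1);
    __analyzer_eval((__builtin_strlen(buf)) == 1);
    /* Null dereference that -Wanalyzer-null-dereference does not report. */
    *ptr = 10086;
}
```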

report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110520

ghost commented 1 year ago

Hi, in this case (https://godbolt.org/z/4Md3o94Gx), the ptr is a null pointer, but the analyzer doesn't report an NPD with it. When __builtin_strlen(buf) == 0 (https://godbolt.org/z/fnbMY9W5z), the analyzer reports that.

ghost commented 10 months ago

CSA not FN: https://godbolt.org/z/bTMK4vEM8