Geoffrey1014 / SA_Bugs

record bugs of static analyzers

-Wanalyzer-out-of-bounds false negative with `return arr[9];` at -O1 and above #71

Open ghost opened 1 year ago

ghost commented 1 year ago
```c
static int f();
int f() {
    int arr[1];
    for (int h = 0; h < 1; h++) arr[h] = 3;
    return arr[9];
}
int main() { f(); }
```

report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111213

ghost commented 1 year ago

Hi, this case (https://godbolt.org/z/98PMz1KKz) contains an out-of-bounds error (statement: `return arr[9];`). At -O0, the analyzer can report this warning. However, at -O1, -O2, and -O3, the analyzer doesn't report it.

After removing the static keyword (https://godbolt.org/z/qKohK3eeY), the analyzer can report this warning at -O1, -O2, and -O3.
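
The comparison described in this thread can be scripted as a matrix over both variants of the reproducer and all four optimization levels. This is an added example, not part of the original issue; it assumes a `gcc` (or `$CC`) that supports `-fanalyzer` and `-Wanalyzer-out-of-bounds`, and the function names `emit_case`, `warned`, `check_one` and `main` are hypothetical.

```shell
#!/bin/sh
# Added example: does -Wanalyzer-out-of-bounds fire at every -O level?
# Assumption: gcc (or $CC) supports -fanalyzer and this warning.

# Emit the reproducer from the issue. $1 is "static" or "" (second variant).
emit_case() {
    cat <<EOF
$1 int f();
int f() {
    int arr[1];
    for (int h = 0; h < 1; h++) arr[h] = 3;
    return arr[9];
}
int main() { f(); }
EOF
}

# Exit 0 if the diagnostics on stdin carry the out-of-bounds warning tag.
warned() {
    grep -qF -e '[-Wanalyzer-out-of-bounds]'
}

# Print "reported" or "MISSED" for variant $1 at optimization level $2.
# The source is fed on stdin, so no temporary files are left behind.
check_one() {
    if emit_case "$1" | "${CC:-gcc}" -x c -fanalyzer -Wanalyzer-out-of-bounds \
            "$2" -c -o /dev/null - 2>&1 | warned; then
        echo reported
    else
        echo MISSED
    fi
}

# Run the full matrix; return non-zero if any combination lost the warning.
main() {
    rc=0
    for variant in static ""; do
        for opt in -O0 -O1 -O2 -O3; do
            verdict=$(check_one "$variant" "$opt")
            printf '%-8s %s  %s\n' "${variant:-plain}" "$opt" "$verdict"
            [ "$verdict" = reported ] || rc=1
        done
    done
    return "$rc"
}

# Compile only when asked to, e.g.:  sh check.sh run
if [ "${1:-}" = run ]; then main; fi
```

The non-zero exit status on any `MISSED` row lets the script gate a CI job that relies on the analyzer at an optimized build level.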