search

sheredom / utest.h

🧪 single header unit testing framework for C and C++
The Unlicense
834 stars 57 forks source link

error: dereference of NULL '0' [CWE-476] [-Werror=analyzer-null-dereference] #75

Closed yesudeep closed 2 years ago

yesudeep commented 2 years ago

Error:

../../../third_party/utest/utest.h: In function 'utest_main':
../../../third_party/utest/utest.h:1077:47: error: dereference of NULL '0' [CWE-476] [-Werror=analyzer-null-dereference]
 1077 |       failed_testcases[failed_testcase_index] = index;
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
compilation terminated due to -Wfatal-errors.

System information:

❯ uname -sr
FreeBSD 13.0-RELEASE

❯ gcc12 --version
gcc12 (FreeBSD Ports Collection) 12.0.0 20210919 (experimental)
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
sheredom commented 2 years ago

Gonna need more details I think - the allocation happens just a few lines before that https://github.com/sheredom/utest.h/blob/master/utest.h#L1074

yesudeep commented 2 years ago

I believe GCC with the static analyzer (-fanalyzer) turned on warns about this in case realloc fails and the pointer is set to NULL. One might want to add a NULL check before dereferencing the pointer.

The configuration I was using when the warning was reported:

❯ CC=gcc12 ./configure --prefix=$HOME/code/foo/dist --enable-asan
... elided ...
Configuration parameters:
  AR_FLAGS                       cru
  CC                             gcc12
  CFLAGS                         -g -O2 -std=c11 -fanalyzer -fdiagnostics-color=always -Wall -Wextra -Werror -Wfatal-errors -Wpedantic -pedantic-errors -Wformat=2 -Wformat-security -Wformat-y2k -Werror=missing-declarations -Werror=unused -Werror=unused-result -Werror=unused-local-typedefs -Werror=write-strings -Werror=sign-conversion -Werror=vla -Werror=narrowing -Werror=uninitialized -fsanitize=address
  CPP                            gcc12 -E
  CPPFLAGS
  CXX                            g++
  CXXFLAGS                       -g -O2
  HOST
  HOSTNAME
  LDFLAGS
  host                           amd64-unknown-freebsd13.0
  install prefix                 /home/yesudeep/code/foo/dist
  enable-asan                    yes
  enable-tsan
  enable-ubsan

References:

  1. https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10
  2. https://developers.redhat.com/blog/2021/01/28/static-analysis-updates-in-gcc-11#four_new_warnings