https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80063
Bug ID: 80063
Summary: gcc/asan.c: PVS-Studio: Incorrect Block Delimitation (CWE-483)
Product: gcc
Version: 7.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: khandeliants at viva64 dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

We have found a weakness (CWE-483) using the PVS-Studio tool. PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V640 The code's operational logic does not correspond with its formatting. The second statement will always be executed. It is possible that curly brackets are missing. asan.c 2582

void
initialize_sanitizer_builtins (void)
{
  ....
#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \
  decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \
                               BUILT_IN_NORMAL, NAME, NULL_TREE); \
  set_call_expr_flags (decl, ATTRS); \
  set_builtin_decl (ENUM, decl, true);
#include "sanitizer.def"

  /* -fsanitize=object-size uses __builtin_object_size, but that might
     not be available for e.g. Fortran at this point.  We use
     DEF_SANITIZER_BUILTIN here only as a convenience macro.  */
  if ((flag_sanitize & SANITIZE_OBJECT_SIZE)
      && !builtin_decl_implicit_p (BUILT_IN_OBJECT_SIZE))
    DEF_SANITIZER_BUILTIN (BUILT_IN_OBJECT_SIZE, "object_size",        // <=
                           BT_FN_SIZE_CONST_PTR_INT, ATTR_PURE_NOTHROW_LEAF_LIST)
  ....
}

The conditional operator covers only the first expression of the macro; the other two expressions will always be executed. Perhaps this is a mistake, and the macro should be enclosed in braces.
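The following is an added, self-contained illustration of the weakness class the report describes (a multi-statement macro used as the body of an unbraced if); it is constructed for this page and is not GCC code. Three counters stand in for the three side effects of DEF_SANITIZER_BUILTIN (registering the builtin, setting the call-expr flags, setting the decl). DEF_UNSAFE has the same shape as the macro in the report; DEF_SAFE wraps the same statements in do { ... } while (0), the usual hardening, so that the macro expands to exactly one statement and the if guards all of it.

```c
#include <stdio.h>

/* Constructed stand-ins for the three side effects of the macro in the
   report: "add the builtin", "set its flags", "set the decl". */
static int added, flagged, set_decl;

/* Same shape as DEF_SANITIZER_BUILTIN: three statements, no braces.
   Used after an unbraced `if`, only the first statement is conditional. */
#define DEF_UNSAFE(x) \
  added += (x);       \
  flagged += (x);     \
  set_decl += (x);

/* Hardened form: do { ... } while (0) turns the three statements into a
   single statement, so an unbraced `if` covers all of them and the
   caller's trailing semicolon still parses. */
#define DEF_SAFE(x)    \
  do {                 \
    added += (x);      \
    flagged += (x);    \
    set_decl += (x);   \
  } while (0)

static void reset(void) { added = flagged = set_decl = 0; }

/* Returns how many of the three side effects happened for the given
   condition. With cond == 0 the correct answer is 0. */
int run_unsafe(int cond)
{
  reset();
  if (cond)
    DEF_UNSAFE(1)            /* only `added += 1` is guarded */
  return added + flagged + set_decl;
}

int run_safe(int cond)
{
  reset();
  if (cond)
    DEF_SAFE(1);             /* whole block is guarded */
  return added + flagged + set_decl;
}

int main(void)
{
  printf("unsafe, cond=0: %d side effects (expected 0)\n", run_unsafe(0));
  printf("safe,   cond=0: %d side effects (expected 0)\n", run_safe(0));
  printf("unsafe, cond=1: %d side effects (expected 3)\n", run_unsafe(1));
  printf("safe,   cond=1: %d side effects (expected 3)\n", run_safe(1));
  return 0;
}
```

With the condition false, run_unsafe still performs two of the three side effects, which is exactly the V640 finding: the formatting suggests one guarded unit, the compiler sees one guarded statement followed by two unconditional ones. Braces at the call site would also fix this particular use, but the do/while(0) form fixes every use of the macro at once.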