https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90264
--- Comment #3 from Roman Zhuykov <zhroma at gcc dot gnu.org> --- (In reply to Jeffrey A. Law from comment #1) > We set *seq = 0. > > Assume we do not return -1 from line A. > > The for loop's initial test will be false because out = *seq = 0 > > out - *seq must also be zero and if that's <= len, then we'll *out = `\0' > which dereferences a NULL pointer. The point is, that if "line A" is not a false positive, then "line B" version also must be warned. Let me than say it is a false negative. Originally it was asprintf, which always sets *seq to non-null, or returns negative when ENOMEM. But compiler doesn't know that logic.
