https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97893

--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:f3f312b535f57b5773953746f6ad0d890ce09b88

commit r11-5148-gf3f312b535f57b5773953746f6ad0d890ce09b88
Author: David Malcolm <dmalc...@redhat.com>
Date:   Wed Nov 18 15:53:36 2020 -0500

    analyzer: only use CWE-690 for unchecked return value [PR97893]

    CWE-690 is only for dereferencing an unchecked return value; for
    other kinds of NULL dereference, use the parent classification, CWE-476.

    gcc/analyzer/ChangeLog:
            PR analyzer/97893
            * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
            CWE-690, as this isn't due to an unchecked return value.
            (null_arg::emit): Likewise.

    gcc/testsuite/ChangeLog:
            PR analyzer/97893
            * gcc.dg/analyzer/malloc-1.c: Add CWE-690 and CWE-476 codes to
            expected output.
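
The distinction the commit message draws, shown as an added C example that is not part of the commit or of GCC's testsuite. The function names are hypothetical; the options named in the comments are GCC's `-Wanalyzer-possible-null-dereference` and `-Wanalyzer-null-dereference`, both enabled by `-fanalyzer`.

```c
/* Constructed example; function names are hypothetical. */
#include <stdlib.h>

/* CWE-690 pattern: the return value of malloc is never checked before
   the dereference, so the pointer is only *possibly* NULL here
   (-Wanalyzer-possible-null-dereference). */
int *make_counter_unchecked(int start)
{
    int *p = malloc(sizeof *p);
    *p = start;              /* p may be NULL */
    return p;
}

/* CWE-476 pattern: the return value WAS checked, so this is not an
   unchecked-return-value bug. The pointer is known to be NULL on the
   branch that dereferences it (-Wanalyzer-null-dereference). */
int *make_counter_wrong_branch(int start)
{
    int *p = malloc(sizeof *p);
    if (!p)
        *p = start;          /* p is definitely NULL on this path */
    return p;
}

/* Corrected form: check the return value and dereference only on the
   non-NULL path; allocation failure is reported to the caller. */
int *make_counter(int start)
{
    int *p = malloc(sizeof *p);
    if (!p)
        return NULL;
    *p = start;
    return p;
}

/* Caller-side read that rejects NULL instead of dereferencing it.
   Returns 0 on success, -1 if either pointer is NULL. */
int read_counter(const int *p, int *out)
{
    if (!p || !out)
        return -1;
    *out = *p;
    return 0;
}
```

Compiling the file with `gcc -fanalyzer -c` is what exercises the two diagnostics; only `make_counter` and `read_counter` are safe to call.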
