[Bug analyzer/94639] New: false-positive uninitialized value on fixed sized array
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94639

Bug ID: 94639
Summary: false-positive uninitialized value on fixed sized array
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: cgzones at googlemail dot com
Target Milestone: ---

Minimized code snippet:

```
#include <string.h>

void validatedatetime(const char *str)
{
    const char *templates[] = {"-dd-dd dd:dd", "-dd-dd"};

    size_t len = strlen(str);

    for (unsigned t = 0; t < 2; t++) {
        if (len != strlen(templates[t])) {
            continue;
        }
    }
}
```

Original code:
https://github.com/vergoh/vnstat/blob/f98c27eaba27ebda703737f8a5539a77b891561e/src/misc.c#L357

GCC analyzer output:

```
$ gcc-10 -c -Wall -Wextra -fanalyzer fixed-array.c
fixed-array.c: In function ‘validatedatetime’:
fixed-array.c:10:28: warning: use of uninitialized value ‘’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 10 | if (len != strlen(templates[t])) {
 |^~~~
 ‘validatedatetime’: events 1-7
 |
 |9 | for (unsigned t = 0; t < 2; t++) {
 | | ^~~ ~~~
 | | ||
 | | |(4) ...to here
 | | (1) following ‘true’ branch (when ‘t <= 1’)...
 | | (5) following ‘true’ branch (when ‘t <= 1’)...
 | 10 | if (len != strlen(templates[t])) {
 | |~
 | || |
 | || (2) ...to here
 | || (6) ...to here
 | || (7) use of uninitialized value ‘’ here
 | |(3) following ‘false’ branch...
 |
```

GCC version:

```
gcc-10 (Debian 10-20200411-1) 10.0.1 20200411 (experimental) [master revision bb87d5cc77d:75961caccb7:f883c46b4877f637e0fa5025b4d6b5c9040ec566]
```

[Bug analyzer/94640] New: false-positive leaking FILE pointer assigned to function passed pointer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94640

Bug ID: 94640
Summary: false-positive leaking FILE pointer assigned to function passed pointer
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: cgzones at googlemail dot com
Target Milestone: ---

Minimized code snippet:

```
#include <stdio.h>

int debug;

int opencfgfile(const char *cfgfile, FILE **fd)
{
    if (cfgfile[0] != '\0') {

        if ((*fd = fopen(cfgfile, "r")) != NULL) {
            if (debug) // <-- this seems to trigger the fp
                printf("Config file: --config\n");
        }
    }

    return 2;
}
```

Original code:
https://github.com/vergoh/vnstat/blob/f98c27eaba27ebda703737f8a5539a77b891561e/src/cfg.c#L364

GCC analyzer output:

```
$ gcc-10 -c -Wall -Wextra -fanalyzer return_filepointer.c
return_filepointer.c: In function ‘opencfgfile’:
return_filepointer.c:10:8: warning: leak of FILE ‘’ [CWE-775] [-Wanalyzer-file-leak]
 10 |if (debug)
 |^
 ‘opencfgfile’: events 1-7
 |
 |7 | if (cfgfile[0] != '\0') {
 | |^
 | ||
 | |(1) following ‘true’ branch...
 |8 |
 |9 | if ((*fd = fopen(cfgfile, "r")) != NULL) {
 | |~ ~~~
 | || |
 | || (2) ...to here
 | || (3) opened here
 | |(4) assuming ‘’ is non-NULL
 | |(5) following ‘true’ branch...
 | 10 |if (debug)
 | |~
 | ||
 | |(6) ...to here
 | |(7) ‘’ leaks here; was opened at (3)
 |
```

GCC version:

```
gcc-10 (Debian 10-20200411-1) 10.0.1 20200411 (experimental) [master revision bb87d5cc77d:75961caccb7:f883c46b4877f637e0fa5025b4d6b5c9040ec566]
```

[Bug lto/115234] New: Wnull-dereference false-positive on address of local variable
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115234

Bug ID: 115234
Summary: Wnull-dereference false-positive on address of local variable
Product: gcc
Version: 14.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: lto
Assignee: unassigned at gcc dot gnu.org
Reporter: cgzones at googlemail dot com
Target Milestone: ---

$ gcc-14 --version
gcc-14 (Debian 14.1.0-1) 14.1.0

Reproducer:

git clone --depth 1 --branch 3.7-rc1 https://github.com/seLinuxProject/selinux.git
cd selinux/
make CC='gcc-14 -flto=auto' DESTDIR=/tmp/selinux_destdir SUBDIRS='libsepol checkpolicy' -j"$(nproc)" install

```
In function ‘sepol_context_from_string’,
    inlined from ‘context_from_string’ at ../libsepol/src/context.c:315:6,
    inlined from ‘sepol_context_to_sid’ at ../libsepol/src/services.c:1300:6:
../libsepol/src/context_record.c:206:22: error: potential null pointer dereference [-Werror=null-dereference]
  206 | *con = NULL;
      | ^
```

context_from_string():
298: sepol_context_t *ctx_record = NULL;
315: if (sepol_context_from_string(handle, con_cpy, &ctx_record) < 0)

sepol_context_from_string():
198: int sepol_context_from_string(sepol_handle_t * handle,
199: const char *str, sepol_context_t ** con)
206: *con = NULL;