[Bug other/80047] New: fixincludes/fixincl.c: PVS-Studio: Improper Release of Memory Before Removing Last Reference (CWE-401)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80047

            Bug ID: 80047
           Summary: fixincludes/fixincl.c: PVS-Studio: Improper Release of Memory Before Removing Last Reference (CWE-401)
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a weakness (CWE-401) using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V575 The null pointer is passed into 'getcwd' function. Inspect the first argument. fixincl.c 1357

void
process (void)
{
  if (access (pz_curr_file, R_OK) != 0)
    {
      int erno = errno;
      fprintf (stderr, "Cannot access %s from %s\n\terror %d (%s)\n",
               pz_curr_file, getcwd ((char *) NULL, MAXPATHLEN), // <=
               erno, xstrerror (erno));
      return;
    }
}

As an extension to the POSIX.1-2001 standard, glibc's getcwd() allocates the buffer dynamically using malloc if buf is NULL. In this case, the allocated buffer has the length size unless size is zero, when buf is allocated as big as necessary. The caller should free the returned buffer.
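The report above describes the leak but not the shape of the fix. The following is an added example, not GCC code and not part of the bug report: a hypothetical helper report_unreadable() builds the same diagnostic while keeping the single pointer that getcwd(NULL, 0) returns so it can be freed, and it substitutes a placeholder when getcwd fails rather than passing NULL to a "%s" conversion (which is undefined behaviour, and is what the original would do if the working directory were longer than MAXPATHLEN, since glibc returns NULL with ERANGE in that case). getcwd with a NULL buffer is a glibc/BSD extension, as the report says; the example assumes such a platform.

```c
/* Added example (not GCC code): the fixincl.c diagnostic built without
   leaking the buffer that glibc's getcwd(NULL, n) mallocs, and without
   handing a NULL pointer to a "%s" conversion when getcwd itself fails. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: format the "Cannot access" message into buf.
   Returns 0 if path is readable (buf is set to ""), -1 otherwise. */
int report_unreadable (const char *path, char *buf, size_t buflen)
{
  if (access (path, R_OK) == 0)
    {
      buf[0] = '\0';
      return 0;
    }

  int erno = errno;              /* save it before any later call can clobber it */

  /* Size 0 asks the glibc/BSD extension to allocate "as big as necessary",
     so there is no MAXPATHLEN cut-off; the result is ours to free.  */
  char *cwd = getcwd (NULL, 0);
  const char *where = cwd ? cwd : "(unknown directory)";   /* never "%s" a NULL */

  snprintf (buf, buflen, "Cannot access %s from %s\n\terror %d (%s)\n",
            path, where, erno, strerror (erno));

  free (cwd);                    /* free(NULL) is a no-op, so no extra branch needed */
  return -1;
}

int main (void)
{
  char msg[512];
  /* Constructed input: a path that does not exist on any sane system. */
  if (report_unreadable ("/nonexistent-dir-xyz/missing-file", msg, sizeof msg) != 0)
    fputs (msg, stderr);
  return 0;
}
```

Valgrind or -fsanitize=address on the original pattern reports the getcwd buffer as "definitely lost" once per unreadable file; on the version above the allocation is balanced by exactly one free().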
[Bug other/80048] New: gcc/sese.c: PVS-Studio: Improper Release of Memory Before Removing Last Reference (CWE-401)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80048

            Bug ID: 80048
           Summary: gcc/sese.c: PVS-Studio: Improper Release of Memory Before Removing Last Reference (CWE-401)
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a weakness (CWE-401) using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V625 Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. sese.c 201

void
free_sese_info (sese_info_p region)
{
  region->params.release ();
  region->loop_nest.release ();

  for (rename_map_t::iterator it = region->rename_map->begin();
       it != region->rename_map->begin (); ++it) // <=
    (*it).second.release();
}
[Bug other/80049] New: gcc/genmodes.c: PVS-Studio: NULL Pointer Dereference (CWE-476)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80049

            Bug ID: 80049
           Summary: gcc/genmodes.c: PVS-Studio: NULL Pointer Dereference (CWE-476)
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a weakness (CWE-476) using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V595 The 'm->component' pointer was utilized before it was verified against nullptr. Check lines: 399, 407. genmodes.c 399

static void
complete_mode (struct mode_data *m)
{
  if (m->cl == MODE_COMPLEX_INT || m->cl == MODE_COMPLEX_FLOAT)
    alignment = m->component->bytesize; // <=
  else
    alignment = m->bytesize;

  m->alignment = alignment & (~alignment + 1);

  if (m->component) // <=
    {
      m->next_cont = m->component->contained;
      m->component->contained = m;
    }
}
[Bug other/80050] New: gcc/genmatch.c: PVS-Studio: V590
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80050

            Bug ID: 80050
           Summary: gcc/genmatch.c: PVS-Studio: V590
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a bug using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V590 Consider inspecting this expression. The expression is excessive or contains a misprint. genmatch.c 3829

const cpp_token *
parser::next ()
{
  const cpp_token *token;
  do
    {
      token = cpp_get_token (r);
    }
  while (token->type == CPP_PADDING
         && token->type != CPP_EOF); // <=
  return token;
}
[Bug other/80051] New: gcc/dwarf2out.c: PVS-Studio: V501
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80051

            Bug ID: 80051
           Summary: gcc/dwarf2out.c: PVS-Studio: V501
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a bug using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V501 There are identical sub-expressions '!strcmp(a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1)' to the left and to the right of the '&&' operator. dwarf2out.c 1434

static bool
dw_val_equal_p (dw_val_node *a, dw_val_node *b)
{
  switch (a->val_class)
    {
    case dw_val_class_vms_delta:
      return (!strcmp (a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1)
              && !strcmp (a->v.val_vms_delta.lbl1,   // <=
                          b->v.val_vms_delta.lbl1)); // <=
    }
}
[Bug other/80062] New: gcc/c-family/c-cppbuiltin.c: PVS-Studio: V581
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80062

            Bug ID: 80062
           Summary: gcc/c-family/c-cppbuiltin.c: PVS-Studio: V581
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a bug using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V581 The conditional expressions of the 'if' operators situated alongside each other are identical. Check lines: 920, 922. c-cppbuiltin.c 922

void
c_cpp_builtins (cpp_reader *pfile)
{
  if (cxx_dialect >= cxx11)
    {
      if (cxx_dialect == cxx11)
        cpp_define (pfile, "__cpp_constexpr=200704");
      if (cxx_dialect <= cxx14) // <=
        cpp_define (pfile, "__cpp_range_based_for=200907");
      if (cxx_dialect <= cxx14) // <=
        cpp_define (pfile, "__cpp_static_assert=200410");
    }
}
[Bug sanitizer/80063] New: gcc/asan.c: PVS-Studio: Incorrect Block Delimitation (CWE-483)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80063

            Bug ID: 80063
           Summary: gcc/asan.c: PVS-Studio: Incorrect Block Delimitation (CWE-483)
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

We have found a weakness (CWE-483) using the PVS-Studio tool.
PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V640 The code's operational logic does not correspond with its formatting. The second statement will always be executed. It is possible that curly brackets are missing. asan.c 2582

void
initialize_sanitizer_builtins (void)
{
#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \
  decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \
                               BUILT_IN_NORMAL, NAME, NULL_TREE); \
  set_call_expr_flags (decl, ATTRS); \
  set_builtin_decl (ENUM, decl, true);
#include "sanitizer.def"

  /* -fsanitize=object-size uses __builtin_object_size, but that might
     not be available for e.g. Fortran at this point.  We use
     DEF_SANITIZER_BUILTIN here only as a convenience macro.  */
  if ((flag_sanitize & SANITIZE_OBJECT_SIZE)
      && !builtin_decl_implicit_p (BUILT_IN_OBJECT_SIZE))
    DEF_SANITIZER_BUILTIN (BUILT_IN_OBJECT_SIZE, "object_size", // <=
                           BT_FN_SIZE_CONST_PTR_INT, ATTR_PURE_NOTHROW_LEAF_LIST)
}

The conditional operator covers only the first expression of the macro, the other two expressions will always be executed. Perhaps this is a mistake, the macro should be enclosed in braces.
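The mechanism the report describes is easy to see with counters in place of the three side effects. The following is an added example, not GCC code and not part of the bug report: two hypothetical macros, DEF_BUILTIN_BAD with three bare statements like the reported DEF_SANITIZER_BUILTIN, and DEF_BUILTIN_GOOD wrapped in do { ... } while (0) so that it expands to a single statement and therefore stays inside an un-braced if. The struct and function names are this example's own.

```c
/* Added example (not GCC code): why a multi-statement macro used as the
   body of an un-braced `if` misbehaves, and the do { } while (0) fix. */
#include <stdio.h>

/* Counters stand in for the three side effects of the reported macro:
   add the builtin, set its call flags, register the decl. */
struct counts { int added, flagged, registered; };

/* Hypothetical "bad" macro: three statements, no braces, as in the report. */
#define DEF_BUILTIN_BAD(c)   \
  (c)->added++;              \
  (c)->flagged++;            \
  (c)->registered++;

/* Hypothetical fixed macro: do { } while (0) turns the body into exactly
   one statement, so an `if` without braces guards all of it, and the
   trailing `;` the caller writes completes the statement naturally. */
#define DEF_BUILTIN_GOOD(c)  \
  do {                       \
    (c)->added++;            \
    (c)->flagged++;          \
    (c)->registered++;       \
  } while (0)

/* Expands to:  if (needed) (&c)->added++; (&c)->flagged++; (&c)->registered++;
   Only the first statement is conditional; the other two run unconditionally. */
struct counts define_bad (int needed)
{
  struct counts c = { 0, 0, 0 };
  if (needed)
    DEF_BUILTIN_BAD (&c)
  return c;
}

/* All three side effects are guarded by the condition. */
struct counts define_good (int needed)
{
  struct counts c = { 0, 0, 0 };
  if (needed)
    DEF_BUILTIN_GOOD (&c);
  return c;
}

int main (void)
{
  struct counts b = define_bad (0), g = define_good (0);
  printf ("condition false, bad macro:  added=%d flagged=%d registered=%d\n",
          b.added, b.flagged, b.registered);
  printf ("condition false, good macro: added=%d flagged=%d registered=%d\n",
          g.added, g.flagged, g.registered);
  return 0;
}
```

In the reported code the unguarded statements operate on `decl`, whatever value it was left with by the last expansion from sanitizer.def, so the unconditional calls do not merely waste work, they re-flag and re-register a stale builtin. Recent GCC versions flag this shape themselves with -Wmisleading-indentation, which is a cheap check to keep enabled.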