bug-gnulib

Re: gcc -fanalyze


From: Bruno Haible
Subject: Re: gcc -fanalyze
Date: Mon, 11 May 2020 23:11:06 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; )

> Find attached a log built with -DGCC_LINT.

I've looked through part of the reports and found the following:


1) Interesting findings:

xmalloc.c:113:10: warning: use of possibly-NULL '<unknown>' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
Since xmalloc (0) may be NULL, xmemdup may end up calling memcpy (NULL, p, 0).
We know this is harmless, if no sanitizer is present at run time.
But just to avoid triggering an undefined-behaviour sanitizer, we could treat n == 0 specially.

fts.c:1498:25: warning: use of NULL 'cp' where non-null expected [CWE-690] [-Wanalyzer-null-argument]
GCC does not know that we expect that ISSET(FTS_NOCHDIR) returns the same value at each invocation.
Would it make sense to cache sp->fts_options in a local variable?


2) False positives:

di-set.c:196:15: warning: leak of 'probe' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: It is intentional that 'probe' gets stored in the hash table.

fts-cycle.c:94:10: warning: leak of 'ad' [CWE-401] [-Wanalyzer-malloc-leak]
Likewise.

ino-map.c:163:15: warning: leak of 'probe' [CWE-401] [-Wanalyzer-malloc-leak]
Likewise.

ino-map.c:140:6: warning: leak of 'probe' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: It is intentional that 'probe' gets stored in im->probe.

hash.c:996:7: warning: leak of 'storage.bucket' [CWE-401] [-Wanalyzer-malloc-leak]
hash.c:996:7: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
False positives: It is intentional that the bucket gets stored in the hash table.

malloca.c:67:11: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
malloca.c:67:11: warning: leak of 'mem' [CWE-401] [-Wanalyzer-malloc-leak]
False positives: p and mem are related.

safe-alloc.c:65:6: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: Allocated memory gets stored in *(void **) ptrptr.

malloc/scratch_buffer_grow.c:54:3: warning: leak of 'new_ptr' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: Allocated memory gets stored.

gc-gnulib.c:332:16: warning: leak of 'ctx' [CWE-401] [-Wanalyzer-malloc-leak]
gc-gnulib.c:708:16: warning: leak of 'ctx' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: Allocated memory gets stored in output parameter.

regcomp.c:899:7: warning: leak of '<unknown>' [CWE-401] [-Wanalyzer-malloc-leak]
False positive: Allocated memory gets stored as dfa->state_table.

time_rz.c:259:11: warning: leak of 'old_tz' [CWE-401] [-Wanalyzer-malloc-leak]
Likely a false positive.

vasnprintf.c:5835:5: warning: leak of 'memory' [CWE-401] [-Wanalyzer-malloc-leak]
Likely a false positive.


dfa.c:3624:9: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
dfa.c:3819:7: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
dfa.c:3820:7: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
False positives.

quotearg.c:846:5: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
False positive: Each i is different.

globfree.c:34:9: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
Likewise.

spawn_faction_destroy.c:45:11: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
Likewise.


astrxfrm.c:150:15: warning: use of NULL 'resultbuf' where non-null expected [CWE-690] [-Wanalyzer-null-argument]
False positive: GCC does not know that length > 0 and thus resultbuf != NULL.

passfd.c:153:39: warning: dereference of NULL '<unknown>' [CWE-690] [-Wanalyzer-null-dereference]
False positive: cmsg is non-NULL here.

quotearg.c:749:12: warning: dereference of NULL 'quote_string' [CWE-690] [-Wanalyzer-null-dereference]
False positive: quote_string is non-NULL here.

unicase/u-ct-totitle.h:103:13: warning: dereference of NULL 'wp' [CWE-690] [-Wanalyzer-null-dereference]
unicase/u-ct-totitle.h:103:13: warning: dereference of NULL 'wp' [CWE-690] [-Wanalyzer-null-dereference]
unicase/u-ct-totitle.h:103:13: warning: dereference of NULL 'wp' [CWE-690] [-Wanalyzer-null-dereference]
False positive: if wp == NULL, n must be 0, and the loop's body is not executed.


3) Reports I have not analyzed:

regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of '<unknown>' [CWE-415] [-Wanalyzer-double-free]
regex_internal.h:473:20: warning: double-'free' of 'last' [CWE-415] [-Wanalyzer-double-free]

regcomp.c:3780:16: warning: use after 'free' of 'cset' [CWE-416] [-Wanalyzer-use-after-free]

argp-help.c:147:42: warning: dereference of NULL 'state' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1222:14: warning: dereference of NULL 'hol' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1327:10: warning: dereference of NULL 'hol' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1367:28: warning: dereference of NULL 'argp' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1391:28: warning: dereference of NULL 'argp' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1482:25: warning: dereference of NULL 'argp' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1494:11: warning: dereference of NULL 'argp' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1631:22: warning: dereference of NULL 'hol' [CWE-690] [-Wanalyzer-null-dereference]
argp-help.c:1670:14: warning: dereference of NULL 'hol' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4069:3: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4071:34: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4138:28: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4179:13: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4183:22: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]
dfa.c:4200:28: warning: dereference of NULL 'mp' [CWE-690] [-Wanalyzer-null-dereference]


Bruno
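
The two changes suggested under "Interesting findings" in the message above, sketched as an added example that is not part of the original message and is not gnulib code. `alloc_or_die`, `memdup_guarded`, `copy_name`, `struct walker` and `OPT_NOCHDIR` are hypothetical stand-ins for xmalloc, xmemdup and the fts code.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an xmalloc-style wrapper: aborts on failure,
   but returns NULL for a zero-byte request (malloc (0) is allowed to). */
static void *alloc_or_die(size_t n)
{
    if (n == 0)
        return NULL;
    void *p = malloc(n);
    if (p == NULL)
        abort();
    return p;
}

static int memcpy_calls;   /* lets a caller confirm the guard was taken */

/* Finding 1: memcpy with a NULL argument is undefined behaviour even for
   n == 0, so the zero-length case returns before reaching it. */
static void *memdup_guarded(const void *src, size_t n)
{
    void *dst = alloc_or_die(n);
    if (n == 0)
        return dst;          /* may be NULL; there is nothing to copy */
    memcpy_calls++;
    return memcpy(dst, src, n);
}

#define OPT_NOCHDIR 0x1    /* hypothetical flag, modelled on FTS_NOCHDIR */
struct walker { int options; };

/* Finding 2: the flag is read once into a local, so the branch that sets
   cp and the branch that uses cp test the same value, even if code in
   between modifies w->options. */
static size_t copy_name(struct walker *w, char *buf, const char *name)
{
    const int nochdir = (w->options & OPT_NOCHDIR) != 0;
    char *cp = NULL;
    size_t len = strlen(name);

    if (nochdir)
        cp = buf;
    w->options ^= OPT_NOCHDIR;   /* simulated intervening side effect */
    if (nochdir)
        memcpy(cp, name, len + 1);
    return nochdir ? len : 0;
}
```

If `copy_name` re-read `w->options` at the second test instead of using the local, the simulated side effect would let `cp` reach memcpy while still NULL, which is the path the analyzer reports.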



