Clang does not realize that result can only ever be NULL when allocated==0, or that (needed) is always positive so that the true branch will always be taken when result starts life as NULL. Adding a false branch fixes the analysis, even though the false branch will never be taken.
* lib/vasnprintf.c (VASNPRINTF) [ENSURE_ALLOCATION]: Teach clang that ENSURE_ALLOCATION guarantees a non-null result. Signed-off-by: Eric Blake <[email protected]> --- Bruno, would you be okay with this patch? clang correctly deduces that when resultbuf==NULL at function entry, then result starts life as NULL prior to the main loop. However, it fails to realize that result is only ever NULL when allocation is also 0, and therefore assumes that the false branch of ENSURE_ALLOCATION can be taken which would leave result as NULL. Without this patch, that results in several false positive NULL-dereference warnings. ChangeLog | 6 ++++++ lib/vasnprintf.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4693863..fc79f31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2011-02-14 Eric Blake <[email protected]> + + vasnprintf: silence some clang false positives + * lib/vasnprintf.c (VASNPRINTF) [ENSURE_ALLOCATION]: Teach clang + that ENSURE_ALLOCATION guarantees a non-null result. + 2011-02-13 Bruno Haible <[email protected]> mbrtowc: Add more tests for native Windows platforms. diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c index 8f07308..ea6e5a2 100644 --- a/lib/vasnprintf.c +++ b/lib/vasnprintf.c @@ -1837,7 +1837,9 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, if (result == resultbuf && length > 0) \ DCHAR_CPY (memory, result, length); \ result = memory; \ - } + } \ + else if (!result) \ + abort () for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++) { -- 1.7.4
