https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90264

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The warning started with r270574.
That said, I don't see why it wouldn't be fine to warn with line A and not warn
with line B; there is a significant difference between the two, in particular
that with line A, len is known to be in range [1, INT_MAX] in the
  if ((out - *seq) > len) return -2;
statement, and as there is out && in the condition, showing that *seq in theory
could be NULL, the compiler considers that path, and that path is broken with
line A, because the for loop will not do anything, out == *seq == NULL,
out - *seq is 0 and that is never > 1 or larger and thus *out will be
dereferenced.
Compare that to line B, where nothing is known about the value of len: it could be 0,
or could be negative, so it is possible that return -2; will happen in that
case and the invalid dereference will not happen.

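The path analysis in comment #5, as an added example that is not the test case from the bug report and not code from the commenter: a constructed reduction with the unchecked shape next to a version that rejects the NULL path. The function names, the `len < 1` guard standing in for line A, the `';'` delimiter and the `-3` return code are assumptions; only `seq`, `out`, `len` and the `-2` check come from the comment.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed reduction; the PR's real test case is not on this page. */

/* Shape the comment describes for "line A". */
int scan_unchecked(const char **seq, int len)
{
    const char *out;

    if (len < 1)                    /* assumed stand-in for line A: len in [1, INT_MAX] */
        return -1;
    for (out = *seq; out && *out != ';' && *out != '\0'; out++)
        ;                           /* "out &&" tells the compiler *seq may be NULL */
    if ((out - *seq) > len)         /* NULL path: 0 > len is false for all len >= 1 */
        return -2;
    return *out;                    /* so the NULL path always reaches this load */
}

/* Same logic with the NULL case rejected before any pointer arithmetic. */
int scan_checked(const char **seq, int len)
{
    const char *out;

    if (len < 1)
        return -1;
    if (seq == NULL || *seq == NULL)
        return -3;                  /* hypothetical error code for "no input" */
    for (out = *seq; *out != ';' && *out != '\0'; out++)
        ;
    if ((out - *seq) > len)
        return -2;
    return *out;
}

int main(void)
{
    const char *text = "ab;cd";     /* constructed sample input */
    const char *none = NULL;

    printf("%d %d %d\n", scan_checked(&text, 8), scan_checked(&text, 1),
           scan_checked(&none, 8));
    return 0;
}
```

With the explicit NULL check in place, the `out &&` test in the loop is no longer needed, so the compiler has no NULL path left to follow to the final dereference.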