= 0 and i < 0 on openssl

dmalcolm at gcc dot gnu.org Fri, 27 Mar 2020 09:53:02 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94362


            Bug ID: 94362
           Summary: False analyzer report due to i >= 0 and i < 0 on
                    openssl
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 48134
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48134&action=edit
Reduced test case

https://github.com/openssl/openssl/issues/11420 reports what looks like a false
positive:
  crypto/asn1/ameth_lib.c:131:18: error: dereference of NULL 'ameth' [CWE-690]
[-Werror=analyzer-null-dereference]

where on the path to the diagnostic i >= 0 and i < 0, which ought to be
rejected by constraint-checking.

I'm attaching a somewhat simplified reproducer.

[Bug analyzer/94362] New: False analyzer report due to i >= 0 and i < 0 on openssl

Reply via email to