https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97893
Bug ID: 97893
Summary: Analyzer should only use CWE 690 when null ptr is from a function return
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

From an email from a user:

> -Wanalyzer-possible-null-dereference reports CWE-690. If we
> know that the NULL is the result of a function returning NULL, then 690 is
> correct. Otherwise, 476 is the parent of 690 which means it's a more
> generalized classification for all NULL ptr dereferences. So, it's probably
> what we want for less specific kinds of dereferences.

Internally, 690 is used unconditionally by possible_null_deref::emit, possible_null_arg::emit, null_deref::emit, and null_arg::emit.
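The distinction drawn in the quoted email, as an added C example that is not part of the original report or of GCC's sources: one dereference whose NULL can only come from an unchecked function return (the CWE-690 pattern) and one whose NULL comes from a local assignment (the more general CWE-476), each next to a checked form. All function names are hypothetical.

```c
/* Added illustration; function names are hypothetical, not from GCC.
   Build with `gcc -fanalyzer` to see the analyzer's diagnostics. */
#include <stddef.h>
#include <stdlib.h>

/* CWE-690 pattern: the possibly-NULL pointer is the unchecked
   return value of a function (here malloc). */
int *make_counter_unchecked(int start)
{
    int *c = malloc(sizeof *c);
    *c = start;               /* c is NULL if the allocation failed */
    return c;
}

/* CWE-476 pattern: the NULL comes from a local assignment, not
   from any function's return value. */
int first_item_unchecked(const int *items, size_t count)
{
    const int *p = NULL;
    if (count > 0)
        p = &items[0];
    return *p;                /* p is still NULL when count == 0 */
}

/* Checked form of the CWE-690 case: test the return value before use
   and pass the failure on to the caller. */
int *make_counter(int start)
{
    int *c = malloc(sizeof *c);
    if (c == NULL)
        return NULL;
    *c = start;
    return c;
}

/* Checked form of the CWE-476 case: no path reaches a dereference
   with a NULL pointer; the caller supplies a fallback value. */
int first_item(const int *items, size_t count, int fallback)
{
    return count > 0 ? items[0] : fallback;
}
```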