[Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c

2023-03-09 Thread cvs-commit at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400

--- Comment #3 from CVS Commits  ---
The master branch has been updated by David Malcolm :

https://gcc.gnu.org/g:4214bdb1d77ebee04d12f66c831730ed67fedf55

commit r13-6565-g4214bdb1d77ebee04d12f66c831730ed67fedf55
Author: David Malcolm 
Date:   Thu Mar 9 16:21:02 2023 -0500

testsuite: add various -Wanalyzer-null-dereference false +ve test cases

There are various -Wanalyzer-null-dereference false +ves in bugzilla
that I've been attempting to fix.  Unfortunately I haven't made much
progress, but it seems worth at least capturing the reduced
reproducers as test cases, to make it easier to spot changes in
behavior.

gcc/testsuite/ChangeLog:
PR analyzer/102671
PR analyzer/105755
PR analyzer/108251
PR analyzer/108400
* gcc.dg/analyzer/null-deref-pr102671-1.c: New test, reduced
from Emacs.
* gcc.dg/analyzer/null-deref-pr102671-2.c: Likewise.
* gcc.dg/analyzer/null-deref-pr105755.c: Likewise.
*
gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c:
New test, reduced from haproxy's src/ssl_sample.c.
* gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c:
Likewise.
* gcc.dg/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: New
test, reduced from SoftEtherVPN's src/Cedar/WebUI.c.

Signed-off-by: David Malcolm

[Bug analyzer/108400] -Wanalyzer-null-dereference false positive on SoftEtherVPN's src/Cedar/WebUI.c

2023-01-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108400

--- Comment #2 from David Malcolm  ---
Looking at the reduced reproducer, -fanalyzer is considering the case where
wu->Contexts is initially non-NULL and thus the loop is entered, but it doesn't
know about the insides of Tick64 and thus considers that after the call to
Tick64() that wu->Contexts could have become NULL, so in the 2nd iteration
LIST_DATA(wu->Contexts, i) could be NULL.

Though there's no way a user could figure that out from what the analyzer
outputs :/