[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863
--- Comment #6 from David Binderman ---
For this C++ code:
// reading 8 bytes from a 5 byte field
# include
# include
struct S
{
char a[ 5];
short b;
};
void f( const S * ps)
{
uint64_t n;
memcpy( &n, ps->a, sizeof( uint64_t));
}
derived from recent Linux kernel, gcc has nothing to say:
$ /home/dcb/gcc/results/bin/gcc -c -g -O2 -Wall -Wextra feb10a.cc
$
Interestingly, clang++ doesn't say much either:
$ clang++ -c -O2 -Wall -Wextra feb10a.cc
$
Adding _FORTIFY_SOURCE=2 doesn't help. Here is cppcheck in action:
$ /home/dcb/cppcheck/trunk/cppcheck feb10a.cc
feb10a.cc:17:16: error: Buffer is accessed out of bounds: ps->a
[bufferAccessOutOfBounds]
memcpy( &n, ps->a, sizeof( uint64_t));
^
$
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863
--- Comment #7 from David Binderman ---
For this C++ code:
// Division by zero.
extern void g();
void f()
{
unsigned int vsync_rate_hz = 0;
unsigned int frame_time_microsec = 100 / vsync_rate_hz;
g();
}
gcc and clang have nothing to say, even with -g -O2 -Wall -Wextra
but cppcheck finds the problem.
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 94317, which changed state. Bug 94317 Summary: gcc/config/arm/arm_mve.h:13907: strange assignment ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94317 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 90970, which changed state. Bug 90970 Summary: A suspicious code in builtins.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90970 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 80672, which changed state. Bug 80672 Summary: gcc/config/sh/sh.c:716: prefer compare to find. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80672 What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 54582, which changed state. Bug 54582 Summary: gap in FORTIFY checking of buffer lengths https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54582 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |DUPLICATE
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 77936, which changed state. Bug 77936 Summary: libstdc++-v3/include/parallel/checkers.h:66: pointless local variable ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77936 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 59205, which changed state. Bug 59205 Summary: config/iq2000/iq2000.c:2188: possible cut'n'paste error ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59205 What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 90297, which changed state. Bug 90297 Summary: gcc/fortran/resolve.c: 2 * possibly redundant code ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90297 What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 81669, which changed state. Bug 81669 Summary: trunk/gcc/fibonacci_heap.h:58: possible missing initialisation ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81669 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Martin Liška changed: What|Removed |Added Summary|[meta-bug] Issues that |[meta-bug] Issues that |cppcheck finds that gcc |static analyzers (cppcheck, |misses |clang-static-analyzer) find ||that gcc misses --- Comment #2 from Martin Liška --- (In reply to Eric Gallager from comment #1) > I see Martin Liska added a bunch of bugs found by the clang static analyzer > as blocking this... Martin, did you verify that cppcheck catches them, too, > or are we using this bug for static analyzers in general now? It's ok if > it's the latter, we'll just need to update the title... Yes, I would like to extend usage of this meta bug. I've just updated the title. About the cppcheck, I'm running that with: $ cppcheck --enable=all --project=compile_commands.json -j16 and my impression is that it does not work for C++ files: https://pastebin.com/ZK320Ebt ?
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 90974, which changed state. Bug 90974 Summary: A suspicious code in tree-vect-loop.c since r256576 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90974 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 90975, which changed state. Bug 90975 Summary: A suspicious code in optabs.c since r177852 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90975 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 91017, which changed state. Bug 91017 Summary: A suspicious code in gcc/tree-vect-stmts.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91017 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 90976, which changed state. Bug 90976 Summary: A suspicious code in lra.c since r177852 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90976 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 91016, which changed state. Bug 91016 Summary: A suspicious code in config/i386/i386-expand.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91016 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 --- Comment #3 from David Binderman --- --language=c++ seems to be required for C++ code. --force helps cppcheck to avoid a too-early finish. I use the current development cppcheck code, although it's fair to say that new features rarely work 100% perfectly first time and usually take a week or two before they mature on real code. But that's development code for you ;->
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 --- Comment #4 from Martin Liška --- (In reply to David Binderman from comment #3) > --language=c++ seems to be required for C++ code. That works for me, thank you! > > --force helps cppcheck to avoid a too-early finish. > > I use the current development cppcheck code, although it's fair to say that > new features rarely work 100% perfectly first time and usually take a week > or two before they mature on real code. Yep, I've just bumped openSUSE package to the latest release that was released few days ago. > > But that's development code for you ;->
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 88056, which changed state. Bug 88056 Summary: gcc/config/i386/host-mingw32.c:170: use of out of scope pointer ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88056 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 92563, which changed state. Bug 92563 Summary: trunk/gcc/cp/error.c:1988: useless parameter ? https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92563 What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 92575, which changed state. Bug 92575 Summary: couple of suspicious assignments in expect.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92575 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Eric Gallager changed: What|Removed |Added CC||dmalcolm at gcc dot gnu.org --- Comment #5 from Eric Gallager --- Some of the bugs that this one depends upon might be useful inspiration for the new analyzer that David Malcolm is working on.
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 92671, which changed state. Bug 92671 Summary: gcc/c/c-parser.c: minor ( and ) tidyup https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92671 What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID
[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863 Bug 89863 depends on bug 58237, which changed state. Bug 58237 Summary: gcc fails to detect obvious resource leaks https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58237 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED
