[Bug analyzer/105900] New: RFE: -fanalyzer could check malloc sizes when casting the result to a pointer

2022-06-08 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 Bug ID: 105900 Summary: RFE: -fanalyzer could check malloc sizes when casting the result to a pointer Product: gcc Version: 12.0 Status: UNCONFIRMED Severity:

[Bug analyzer/105906] fanalyzer strdup false positive leak in loop

2022-06-10 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105906 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed|

[Bug analyzer/105961] -Wanalyzer-use-of-uninitialized-value false positive after "= {0}"

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105961 --- Comment #1 from David Malcolm --- (In reply to eggert from comment #0) [...snip...] > Compile the attached program (derived from bleeding-edge Emacs) with: I'm not seeing an attachment - do you still have this file, and can you try

[Bug analyzer/105962] New: Unhelpful diagnostics paths from analyzer in the face of inlining

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105962 Bug ID: 105962 Summary: Unhelpful diagnostics paths from analyzer in the face of inlining Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/105961] -Wanalyzer-use-of-uninitialized-value false positive after "= {0}"

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105961 --- Comment #4 from David Malcolm --- As well as the false positive, the diagnostic path is rather unreadable due to inlining. I've filed a separate bug about this (PR 105962).

[Bug analyzer/105961] -Wanalyzer-use-of-uninitialized-value false positive after "= {0}"

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105961 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Last reconfirmed|

[Bug analyzer/105962] Unhelpful diagnostics paths from analyzer in the face of inlining

2022-06-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105962 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/105962] Unhelpful diagnostics paths from analyzer in the face of inlining

2022-06-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105962 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 --- Comment #1 from David Malcolm --- See https://cwe.mitre.org/data/definitions/131.html e.g. example 5. See also: https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-mallocoverflow-c (CWE 131's example 2 has a case of this)

[Bug analyzer/106000] New: RFE: -fanalyzer should complain about definite buffer overflows/underflows

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000 Bug ID: 106000 Summary: RFE: -fanalyzer should complain about definite buffer overflows/underflows Product: gcc Version: 12.0 Status: UNCONFIRMED Severity:

[Bug c/106002] New: RFE: complain about incorrect checks of return values (CWE-253)

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106002 Bug ID: 106002 Summary: RFE: complain about incorrect checks of return values (CWE-253) Product: gcc Version: 12.0 Status: UNCONFIRMED Keywords: diagnostic

[Bug analyzer/105958] New: Stray events emitted by state machine tests (e.g. "'VAR' is NULL")

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105958 Bug ID: 105958 Summary: Stray events emitted by state machine tests (e.g. "'VAR' is NULL") Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106006] New: RFE: analyzer should treat data from a socket as "tainted"

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106006 Bug ID: 106006 Summary: RFE: analyzer should treat data from a socket as "tainted" Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106007] New: RFE: analyzer should complain about exec/system of tainted args

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 Bug ID: 106007 Summary: RFE: analyzer should complain about exec/system of tainted args Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/105892] RFE: -fanalyzer could complain about pointer subtraction of pointers to different memory chunks

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105892 --- Comment #1 from David Malcolm --- See also CWE 469: https://cwe.mitre.org/data/definitions/469.html

[Bug analyzer/105888] RFE: -fanalyzer should complain when an on-stack address escapes/outlives the function

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105888 --- Comment #1 from David Malcolm --- See also CWE-562: Return of Stack Variable Address https://cwe.mitre.org/data/definitions/562.html

[Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900 --- Comment #2 from David Malcolm --- See also: https://cwe.mitre.org/data/definitions/467.html

[Bug analyzer/106003] New: RFE: -fanalyzer could complain about misuse of file-descriptors

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 Bug ID: 106003 Summary: RFE: -fanalyzer could complain about misuse of file-descriptors Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106000] RFE: -fanalyzer should complain about definite buffer overflows/underflows

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106000 --- Comment #2 from David Malcolm --- See also: https://cwe.mitre.org/data/definitions/468.html

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

2022-06-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 --- Comment #1 from David Malcolm --- See also this mailing list thread: https://gcc.gnu.org/pipermail/gcc/2022-June/238801.html

[Bug analyzer/106021] New: RFE: more sources of taint: scanf and its cousins

2022-06-17 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106021 Bug ID: 106021 Summary: RFE: more sources of taint: scanf and its cousins Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3

[Bug fortran/105916] gfortran -fdiagnostics-format=json yields incorrect output

2022-06-12 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105916 --- Comment #1 from David Malcolm --- Thanks for filing this. Reproducible with trunk. On trunk I also see similar behavior with the new SARIF output format via options: -fdiagnostics-format=sarif-stderr -fdiagnostics-format=sarif-file

[Bug fortran/105916] gfortran -fdiagnostics-format=json yields incorrect output

2022-06-12 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105916 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/105947] New: RFE: -fanalyzer should complain about jumps through NULL function pointers

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105947 Bug ID: 105947 Summary: RFE: -fanalyzer should complain about jumps through NULL function pointers Product: gcc Version: 12.0 Status: UNCONFIRMED Severity:

[Bug analyzer/105949] New: RFE: analyzer could warn about calls to vfuncs within a ctor/dtor

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105949 Bug ID: 105949 Summary: RFE: analyzer could warn about calls to vfuncs within a ctor/dtor Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/99667] RFE: complain about uninitialized member variables in constructor

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99667 David Malcolm changed: What|Removed |Added Blocks||105887 --- Comment #1 from David

[Bug analyzer/105948] New: RFE: analyzer could check c++ placement-new sizes

2022-06-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105948 Bug ID: 105948 Summary: RFE: analyzer could check c++ placement-new sizes Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3

[Bug analyzer/105894] RFE: -fanalyzer could complain about misuse of functions that return pointers to a static buffer

2022-06-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105894 --- Comment #1 from David Malcolm --- (In reply to David Malcolm from comment #0) > The analyzer's region model might make this fairly easy to implement. Specifically: the result of the function call would be a conjured_svalue where the stmt

[Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis

2022-06-09 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909 Bug ID: 105909 Summary: RFE: SARIF output could contain metadata about limitations of the analysis Product: gcc Version: 12.0 Status: UNCONFIRMED Severity:

[Bug analyzer/106321] New: False positives from -Wanalyzer-tainted-array-index with switch with ranged cases

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106321 Bug ID: 106321 Summary: False positives from -Wanalyzer-tainted-array-index with switch with ranged cases Product: gcc Version: 12.0 Status: UNCONFIRMED

[Bug jit/106312] jit tests fail on powerpc64le

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106312 --- Comment #1 from David Malcolm --- Seems to work for me (on gcc112); is there a particular machine you tried this on?

[Bug analyzer/106319] New: False positives from -Wanalyzer-va-arg-type-mismatch on int promotion

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106319 Bug ID: 106319 Summary: False positives from -Wanalyzer-va-arg-type-mismatch on int promotion Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106359] New: -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 Bug ID: 106359 Summary: -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c Product: gcc Version: 12.0 Status: UNCONFIRMED

[Bug analyzer/106358] New: [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug ID: 106358 Summary: [meta-bug] tracker bug for building the Linux kernel with -fanalyzer Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106359] -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106359, which changed state. Bug 106359 Summary: -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 What|Removed

[Bug analyzer/106359] -fanalyzer takes a very long time on Linux kernel: sound/soc/codecs/cs47l{85,90}.c

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106359 --- Comment #1 from David Malcolm --- Dumping the store shows huge numbers of clusters of the form: cluster for: "RXANCL Input": CONJURED(madera_free_bus_error_irq (_6, i_29);, "RXANCL Input") (ESCAPED) (TOUCHED) cluster for: "Route":

[Bug analyzer/106373] New: False positives from -Wanalyzer-tainted-array-index with casts

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 Bug ID: 106373 Summary: False positives from -Wanalyzer-tainted-array-index with casts Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106373] False positives from -Wanalyzer-tainted-array-index on comparison with non-const

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106374] [13 Regression] -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106374, which changed state. Bug 106374 Summary: [13 Regression] -fanalyzer ICE with certain const static vars https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 What|Removed |Added

[Bug analyzer/106374] New: -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 Bug ID: 106374 Summary: -fanalyzer ICE with certain const static vars Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component:

[Bug analyzer/106374] -fanalyzer ICE with certain const static vars

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106374 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106373] False positives from -Wanalyzer-tainted-array-index on comparison with non-const

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-20 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106373, which changed state. Bug 106373 Summary: False positives from -Wanalyzer-tainted-array-index on comparison with non-const https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106373 What|Removed

[Bug analyzer/106325] `analyzer-null-dereference` gets thrown on a parameter on a function marked with `__attribute__((nonnull))`

2022-07-16 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106325 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/106441] New: Analyzer has some issues with nested functions extension to C

2022-07-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106441 Bug ID: 106441 Summary: Analyzer has some issues with nested functions extension to C Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106441] Analyzer has some issues with nested functions extension to C

2022-07-25 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106441 --- Comment #1 from David Malcolm --- Above example on Compiler Explorer: https://godbolt.org/z/Pv1GoonE6

[Bug analyzer/106301] New: RFE: analyzer support of mmap

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106301 Bug ID: 106301 Summary: RFE: analyzer support of mmap Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer

[Bug analyzer/106302] New: RFE: provide a way for -fanalyzer to use target flags

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106302 Bug ID: 106302 Summary: RFE: provide a way for -fanalyzer to use target flags Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3

[Bug analyzer/106301] RFE: analyzer support of mmap

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106301 --- Comment #1 from David Malcolm --- Potentially we could also track the allocated region, and complain if it is leaked. I think this would require handling of mmap/munmap in sm-malloc.cc (so that we can detect leaks), and support in the

[Bug analyzer/106286] fd_diagnostic should implement get_meaning_for_state_change vfunc

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106286 --- Comment #1 from David Malcolm --- Compare with e.g.: gcc/testsuite/gcc.dg/analyzer/file-meaning-1.c which tests this for the sm-file.cc

[Bug analyzer/106300] New: RFE: analyzer support for more ways of obtaining an open file descriptor

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106300 Bug ID: 106300 Summary: RFE: analyzer support for more ways of obtaining an open file descriptor Product: gcc Version: 12.0 Status: UNCONFIRMED Severity:

[Bug analyzer/106299] New: RFE: analyzer handling of fdopen

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106299 Bug ID: 106299 Summary: RFE: analyzer handling of fdopen Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer

[Bug analyzer/106298] New: RFE: analyzer handling of dup, dup2, and dup3

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106298 Bug ID: 106298 Summary: RFE: analyzer handling of dup, dup2, and dup3 Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component:

[Bug preprocessor/106272] clang build: new warning ?

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106272 --- Comment #9 from David Malcolm --- Thanks!

[Bug analyzer/106284] New: False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106284 Bug ID: 106284 Summary: False positives from -Wanalyzer-tainted-array-index with optimized conditionals Product: gcc Version: 12.0 Status: UNCONFIRMED

[Bug analyzer/106283] New: RFE: analyzer handling of close_range and closefrom

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106283 Bug ID: 106283 Summary: RFE: analyzer handling of close_range and closefrom Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3

[Bug analyzer/106286] New: fd_diagnostic should implement get_meaning_for_state_change vfunc

2022-07-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106286 Bug ID: 106286 Summary: fd_diagnostic should implement get_meaning_for_state_change vfunc Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal

[Bug analyzer/106284] False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-14 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106284 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106319, which changed state. Bug 106319 Summary: False positives from -Wanalyzer-va-arg-type-mismatch on int promotion https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106319 What|Removed

[Bug analyzer/106319] False positives from -Wanalyzer-va-arg-type-mismatch on int promotion

2022-07-26 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106319 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/105893] RFE: -fanalyzer could check putenv calls

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-28 Ever confirmed|0

[Bug analyzer/106007] RFE: analyzer should complain about exec/system of tainted args

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 --- Comment #1 from David Malcolm --- Similarly, putenv should check for tainted string args.

[Bug analyzer/105893] RFE: -fanalyzer could check putenv calls

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 Bug 105887 depends on bug 105893, which changed state. Bug 105893 Summary: RFE: -fanalyzer could check putenv calls https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 What|Removed |Added

[Bug analyzer/106007] RFE: analyzer should complain about exec/system of tainted args

2022-07-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007 --- Comment #2 from David Malcolm --- Currently the taint analysis only has handling for numeric arguments being bounds-checked. How can string arguments transition to a "sanitized" state? Or are string arguments always tainted once they've

[Bug analyzer/106147] RFE: -fanalyzer could complain about some cases of infinite loops and infinite recursion

2022-07-29 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147 David Malcolm changed: What|Removed |Added Ever confirmed|0 |1 Last reconfirmed|

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106383, which changed state. Bug 106383 Summary: False positives from -Wanalyzer-va-list-exhausted https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 What|Removed |Added

[Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106394] Possible false positive from -Wanalyzer-allocation-size with empty array

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 David Malcolm changed: What|Removed |Added Assignee|dmalcolm at gcc dot gnu.org|tlange at gcc dot gnu.org

[Bug analyzer/106383] New: False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 Bug ID: 106383 Summary: False positives from -Wanalyzer-va-list-exhausted Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3

[Bug analyzer/106383] False positives from -Wanalyzer-va-list-exhausted

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106383 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-21

[Bug analyzer/106394] New: Possible false positive from -Wanalyzer-allocation-size with empty array

2022-07-21 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394 Bug ID: 106394 Summary: Possible false positive from -Wanalyzer-allocation-size with empty array Product: gcc Version: 13.0 Status: UNCONFIRMED Severity:

[Bug analyzer/106003] RFE: -fanalyzer could complain about misuse of file-descriptors

2022-07-23 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003 --- Comment #6 from David Malcolm --- I don't think we were tracking the RFE for this in bugzilla, so just a note that Immad had now committed his patch for the three new attributes for functions that make use of file descriptors:

[Bug analyzer/106413] New: State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106413 Bug ID: 106413 Summary: State explosion on va_arg when va_start is in top-level function of analysis Product: gcc Version: 13.0 Status: UNCONFIRMED Severity:

[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |NEW Ever confirmed|0

[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454 --- Comment #2 from David Malcolm --- ...i.e. it's getting confused about liveness. It's considering that the call to c could have overwritten the old value of d with a new value (or d->args), and thus that this hypothetical new value of

[Bug analyzer/106298] RFE: analyzer handling of dup, dup2, and dup3

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106298 David Malcolm changed: What|Removed |Added Last reconfirmed||2022-07-27 Assignee|dmalcolm

[Bug analyzer/106204] False positive from -Wanalyzer-use-of-uninitialized-value with -ftrivial-auto-var-init=zero

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106204, which changed state. Bug 106204 Summary: False positive from -Wanalyzer-use-of-uninitialized-value with -ftrivial-auto-var-init=zero https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106204 What

[Bug analyzer/106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358 Bug 106358 depends on bug 106225, which changed state. Bug 106225 Summary: False positives from -Wanalyzer-tainted-divisor https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 What|Removed |Added

[Bug analyzer/106225] False positives from -Wanalyzer-tainted-divisor

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106225 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug analyzer/99860] RFE: analyzer does not respect "restrict"

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99860 --- Comment #2 from David Malcolm --- Quoting Paul Eggert here: https://lists.gnu.org/archive/html/bug-gnulib/2022-07/msg00066.html > I looked into this a bit more, and it turns out that GCC was wrong > about > what happens when some

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-07-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106284] False positives from -Wanalyzer-tainted-array-index with optimized conditionals

2022-07-15 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106284 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/106413] State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106413 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |ASSIGNED Ever confirmed|0

[Bug analyzer/106321] False positives from -Wanalyzer-tainted-array-index with switch with ranged cases

2022-07-19 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106321 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED

[Bug analyzer/106401] [13 Regression] ICE: in binding_cluster, at analyzer/store.cc:1110 with -fanalyzer since r13-1761-g68871a008e686dbe

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106401 David Malcolm changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug analyzer/106413] State explosion on va_arg when va_start is in top-level function of analysis

2022-07-22 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106413 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/104308] no location info provided for [-Wanalyzer-use-of-uninitialized-value] warnings

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104308 --- Comment #9 from David Malcolm --- (In reply to Kamil Dudka from comment #8) > As spotted by Vincent Mihalkovic, the fix seems to be incomplete. If we run > gcc-12.0.1-0.14.fc37.x86_64 on the following test-case, some diagnostic > messages

[Bug jit/104073] Add option to hide stderr logging in libgccjit

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104073 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug jit/104293] Add support for setting the alignment of variables

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104293 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[Bug jit/104071] Add support for bitcast

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104071 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug jit/95325] Support 128-bit integers

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95325 David Malcolm changed: What|Removed |Added Resolution|--- |FIXED Status|WAITING

[Bug jit/104072] Register variables in libgccjit

2022-04-13 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104072 David Malcolm changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|---

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #11 from David Malcolm --- Should be fixed on trunk for GCC 13 by the above commit. I hope to backport this to GCC 12; keeping this open until that's done.

[Bug analyzer/105287] [12/13 Regression] ICE in analyzer get_region_for_local on C++ await cond_var

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105287 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/105366] [11 Regression] ICE: in cmp_cst, at analyzer/svalue.cc:309 with -O -fanalyzer since r11-4511-gf635f0ce87d687b1

2022-04-28 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105366 David Malcolm changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|---

[Bug analyzer/105285] False positive with -Wanalyzer-null-dereference in git.git's reftable/reader.c

2022-04-27 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285 --- Comment #6 from David Malcolm --- For (a): If I'm reading this right: reader_init_block_reader has: struct reftable_block block = {((void *)0)}; reader_init_block_reader checks for (next_off >= r->size) and bails out, otherwise, block
