mirror/gcc
2
0
Fork 0
mirror of git://gcc.gnu.org/git/gcc.git synced 2025-04-05 08:10:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

analyzer: only use CWE-690 for unchecked return value [PR97893]

Browse Source 
CWE-690 is only for dereferencing an unchecked return value; for
other kinds of NULL dereference, use the parent classification, CWE-476.

gcc/analyzer/ChangeLog:
	PR analyzer/97893
	* sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
	CWE-690, as this isn't due to an unchecked return value.
	(null_arg::emit): Likewise.

gcc/testsuite/ChangeLog:
	PR analyzer/97893
	* gcc.dg/analyzer/malloc-1.c: Add CWE-690 and CWE-476 codes to
	expected output.
This commit is contained in:
David Malcolm 2020-11-18 15:53:36 -05:00
parent 0802809321
commit f3f312b535
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
gcc/analyzer/sm-malloc.cc
View File

@ -675,9 +675,9 @@ public:
bool emit (rich_location *rich_loc) FINAL OVERRIDE
{
/* CWE-690: Unchecked Return Value to NULL Pointer Dereference. */
/* CWE-476: NULL Pointer Dereference. */
diagnostic_metadata m;
m.add_cwe (690);
m.add_cwe (476);
return warning_meta (rich_loc, m,
OPT_Wanalyzer_null_dereference,
"dereference of NULL %qE", m_arg);
@ -723,10 +723,10 @@ public:
bool emit (rich_location *rich_loc) FINAL OVERRIDE
{
/* CWE-690: Unchecked Return Value to NULL Pointer Dereference. */
/* CWE-476: NULL Pointer Dereference. */
auto_diagnostic_group d;
diagnostic_metadata m;
m.add_cwe (690);
m.add_cwe (476);
bool warned;
if (zerop (m_arg))

30
gcc/testsuite/gcc.dg/analyzer/malloc-1.c
View File

@ -30,14 +30,14 @@ void test_2a (void *ptr)
int *test_3 (void)
{
int *ptr = (int *)malloc (sizeof (int));
*ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
*ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
return ptr;
}
int *test_3a (void)
{
int *ptr = (int *)__builtin_malloc (sizeof (int));
*ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
*ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
return ptr;
}
@ -47,7 +47,7 @@ int *test_4 (void)
if (ptr)
*ptr = 42;
else
*ptr = 43; /* { dg-warning "dereference of NULL 'ptr'" } */
*ptr = 43; /* { dg-warning "dereference of NULL 'ptr' \\\[CWE-476\\\]" } */
return ptr;
}
@ -260,14 +260,14 @@ void test_22 (void)
int *test_23 (int n)
{
int *ptr = (int *)calloc (n, sizeof (int));
ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
return ptr;
}
int *test_23a (int n)
{
int *ptr = (int *)__builtin_calloc (n, sizeof (int));
ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
return ptr;
}
@ -302,7 +302,7 @@ struct coord {
struct coord *test_27 (void)
{
struct coord *p = (struct coord *) malloc (sizeof (struct coord)); /* { dg-message "this call could return NULL" } */
p->x = 0.f; /* { dg-warning "dereference of possibly-NULL 'p'" } */
p->x = 0.f; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
/* Only the first such usage should be reported: */
p->y = 0.f;
@ -313,7 +313,7 @@ struct coord *test_27 (void)
struct coord *test_28 (void)
{
struct coord *p = NULL;
p->x = 0.f; /* { dg-warning "dereference of NULL 'p'" } */
p->x = 0.f; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
/* Only the first such usage should be reported: */
p->y = 0.f;
@ -416,7 +416,7 @@ void test_36 (void)
void *test_37a (void)
{
void *ptr = malloc(4096); /* { dg-message "this call could return NULL" } */
__builtin_memset(ptr, 0, 4096); /* { dg-warning "use of possibly-NULL 'ptr' where non-null expected" } */
__builtin_memset(ptr, 0, 4096); /* { dg-warning "use of possibly-NULL 'ptr' where non-null expected \\\[CWE-690\\\]" } */
return ptr;
}
@ -427,7 +427,7 @@ int test_37b (void)
if (p) {
__builtin_memset(p, 0, 4096); /* Not a bug: checked */
} else {
__builtin_memset(q, 0, 4096); /* { dg-warning "use of possibly-NULL 'q' where non-null expected" } */
__builtin_memset(q, 0, 4096); /* { dg-warning "use of possibly-NULL 'q' where non-null expected \\\[CWE-690\\\]" } */
}
free(p);
free(q);
@ -452,7 +452,7 @@ int *
test_39 (int i)
{
int *p = (int*)malloc(sizeof(int*)); /* { dg-message "this call could return NULL" } */
*p = i; /* { dg-warning "dereference of possibly-NULL 'p'" } */
*p = i; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
return p;
}
@ -460,7 +460,7 @@ int *
test_40 (int i)
{
int *p = (int*)malloc(sizeof(int*));
i = *p; /* { dg-warning "dereference of possibly-NULL 'p'" } */
i = *p; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
/* TODO: (it's also uninitialized) */
return p;
}
@ -476,8 +476,8 @@ test_41 (int flag)
buffer = NULL;
}
buffer[0] = 'a'; /* { dg-warning "dereference of possibly-NULL 'buffer'" "possibly-NULL" } */
/* { dg-warning "dereference of NULL 'buffer'" "NULL" { target *-*-* } .-1 } */
buffer[0] = 'a'; /* { dg-warning "dereference of possibly-NULL 'buffer' \\\[CWE-690\\\]" "possibly-NULL" } */
/* { dg-warning "dereference of NULL 'buffer' \\\[CWE-476\\\]" "NULL" { target *-*-* } .-1 } */
return buffer;
}
@ -594,7 +594,7 @@ int test_47 (void)
void test_48 (void)
{
int *p = NULL; /* { dg-message "'p' is NULL" } */
*p = 1; /* { dg-warning "dereference of NULL 'p'" } */
*p = 1; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
}
/* As test_48, but where the assignment of NULL is not at the start of a BB. */
@ -606,6 +606,6 @@ int test_49 (int i)
x = i * 2;
p = NULL; /* { dg-message "'p' is NULL" } */
*p = 1; /* { dg-warning "dereference of NULL 'p'" } */
*p = 1; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
return x;
}