I scanned make 3.82 with my static analysis tool, and found 3 potential bugs. The bugs are described in attached XML files, each describing the trigger path. I reviewed the bugs myself. From the code alone, each is possible. But I am not sure if it could happen in practice.
Would you please take a look at the bug reports? Thank you.
<bugreport> <file>remake.c</file> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1552</line> </location> <description>Take the true branch.</description> <expr>(p = find_next_token(&p2, &len)) != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1566</line> </location> <description>Take the false branch.</description> <expr>!p3</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1581</line> </location> <description>Take the false branch.</description> <expr>mtime != 1</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1594</line> </location> <description>Take the false branch.</description> <expr>mtime_ptr</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1596</line> </location> <description>Take the false branch.</description> <expr>f</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1615</line> </location> <description>Take the false branch.</description> <expr>!buflen</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1627</line> </location> <description>Take the false branch.</description> <expr>buflen < strlen(libbuf)</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1638</line> </location> <description>Take the true branch.</description> <expr>*dp != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1642</line> </location> <description>Take the false branch.</description> <expr>mtime != 1</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1638</line> </location> <description>Take the true branch.</description> <expr>*dp != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1642</line> </location> <description>Take the true branch.</description> <expr>mtime != 1</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1644</line> </location> <description>Take the true branch.</description> <expr>file == 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1644</line> </location> <description>Take the true branch.</description> <expr>file == 0 || vpath_index < best_vpath</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1649</line> </location> <description>Take the false branch.</description> <expr>mtime_ptr != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1638</line> </location> <description>Take the false branch.</description> <expr>*dp != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1552</line> </location> <description>Take the true branch.</description> <expr>(p = find_next_token(&p2, &len)) != 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1566</line> </location> <description>Take the false branch.</description> <expr>!p3</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1581</line> </location> <description>Take the false branch.</description> <expr>mtime != 1</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1594</line> </location> <description>Take the false branch.</description> <expr>mtime_ptr</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1596</line> </location> <description>Take the true branch.</description> <expr>f</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1599</line> </location> <description>Take the false branch.</description> <expr>file == 0</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1599</line> </location> <description>Take the false branch.</description> <expr>file == 0 || vpath_index < best_vpath</expr> </event> <event> <type>Branch</type> <location> <file>remake.c</file> <line>1601</line> </location> <description>Take the true branch.</description> <expr>vpath_index == best_vpath</expr> </event> <event> <type>Trigger</type> <location> <file>remake.c</file> <line>1601</line> </location> <description>The operand has undefined value.</description> <expr>path_index < best_path</expr> </event> </bugreport>
<bugreport> <file>read.c</file> <event> <type>Branch</type> <location> <file>read.c</file> <line>601</line> </location> <description>Take the true branch.</description> <expr>1</expr> </event> <event> <type>Branch</type> <location> <file>read.c</file> <line>616</line> </location> <description>Take the false branch.</description> <expr>nlines < 0</expr> </event> <event> <type>Branch</type> <location> <file>read.c</file> <line>621</line> </location> <description>Take the false branch.</description> <expr>line[0] == '\x0'</expr> </event> <event> <type>Branch</type> <location> <file>read.c</file> <line>628</line> </location> <description>Take the false branch.</description> <expr>line[0] == cmd_prefix</expr> </event> <event> <type>Branch</type> <location> <file>read.c</file> <line>678</line> </location> <description>Take the false branch.</description> <expr>collapsed_length < linelen + 1</expr> </event> <event> <type>Trigger</type> <location> <file>read.c</file> <line>686</line> </location> <description>NULL pointer passed as an argument to a nonnull parameter.</description> <expr>collapsed</expr> </event> </bugreport>
<bugreport> <file>rule.c</file> <event> <type>Branch</type> <location> <file>rule.c</file> <line>84</line> </location> <description>Take the true branch.</description> <expr>rule != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>92</line> </location> <description>Take the false branch.</description> <expr>rule->num > max_pattern_targets</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>95</line> </location> <description>Take the true branch.</description> <expr>dep != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>97</line> </location> <description>Take the false branch.</description> <expr>(dep)->name == 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>108</line> </location> <description>Take the true branch.</description> <expr>p != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>112</line> </location> <description>Take the true branch.</description> <expr>len > max_pattern_dep_length</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>115</line> </location> <description>Take the true branch.</description> <expr>p != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>115</line> </location> <description>Take the false branch.</description> <expr>p != 0 && p2 > p</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>95</line> </location> <description>Take the false branch.</description> <expr>dep != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>140</line> </location> <description>Take the true branch.</description> <expr>ndeps > max_pattern_deps</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>84</line> </location> <description>Take the true branch.</description> <expr>rule != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>92</line> </location> <description>Take the false branch.</description> <expr>rule->num > max_pattern_targets</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>95</line> </location> <description>Take the true branch.</description> <expr>dep != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>97</line> </location> <description>Take the false branch.</description> <expr>(dep)->name == 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>108</line> </location> <description>Take the true branch.</description> <expr>p != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>112</line> </location> <description>Take the false branch.</description> <expr>len > max_pattern_dep_length</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>115</line> </location> <description>Take the true branch.</description> <expr>p != 0</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>115</line> </location> <description>Take the true branch.</description> <expr>p != 0 && p2 > p</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>119</line> </location> <description>Take the false branch.</description> <expr>p == dname</expr> </event> <event> <type>Branch</type> <location> <file>rule.c</file> <line>121</line> </location> <description>Take the false branch.</description> <expr>p - dname > namelen</expr> </event> <event> <type>Trigger</type> <location> <file>rule.c</file> <line>126</line> </location> <description>NULL pointer passed as an argument to a nonnull parameter.</description> <expr>name</expr> </event> </bugreport>
_______________________________________________ Bug-make mailing list Bug-make@gnu.org https://lists.gnu.org/mailman/listinfo/bug-make
