https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102671
--- Comment #1 from eggert at cs dot ucla.edu ---
Created attachment 51582
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51582&action=edit
2nd test case illustrating the bug

I'm attaching a second test case, also taken from GNU Emacs, illustrating the
same bug or at least something similar. Compile it on the same platform with:

gcc -fanalyzer -O2 -S analyzer-null-dereference-2.i

and the output will be the following. The false alarm is incorrect here, too. I
plan to modify Emacs to disable the warnings in the two source-code files that
are generating these false alarms.

analyzer-null-dereference-2.i: In function 'Ftime_convert':
analyzer-null-dereference-2.i:36:13: warning: dereference of NULL 'time' [CWE-476] [-Wanalyzer-null-dereference]
   36 |   return ((a->size & (PSEUDOVECTOR_FLAG | PVEC_TYPE_MASK))
      |            ~^~~~~~
  'Ftime_convert': events 1-4
    |
    |   72 | Ftime_convert (struct lisp *time)
    |      | ^~~~~~~~~~~~~
    |      | |
    |      | (1) entry to 'Ftime_convert'
    |   73 | {
    |   74 |   decode_time_components (time ? XCDR (time) : time);
    |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (2) following 'false' branch (when 'time' is NULL)...
    |      |   (3) ...to here
    |      |   (4) calling 'decode_time_components' from 'Ftime_convert'
    |
    +--> 'decode_time_components': events 5-7
           |
           |   43 |   if (! VECTORLIKEP (a))
           |      |      ~
           |      |      |
           |      |      (6) following 'true' branch...
           |......
           |   65 | decode_time_components (struct lisp *low)
           |      | ^~~~~~~~~~~~~~~~~~~~~~
           |      | |
           |      | (5) entry to 'decode_time_components'
           |......
           |   69 | }
           |      | ~
           |      | |
           |      | (7) ...to here
           |
    <------+
    |
  'Ftime_convert': events 8-11
    |
    |   36 |   return ((a->size & (PSEUDOVECTOR_FLAG | PVEC_TYPE_MASK))
    |      |            ~~~~~~~
    |      |             |
    |      |             (10) ...to here
    |      |             (11) dereference of NULL 'time'
    |......
    |   43 |   if (! VECTORLIKEP (a))
    |      |      ~
    |      |      |
    |      |      (9) following 'false' branch...
    |......
    |   74 |   decode_time_components (time ? XCDR (time) : time);
    |      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (8) returning to 'Ftime_convert' from 'decode_time_components'
    |