https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103546
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
The -Wanalyzer-null-dereference false positive seems to be due to the analyzer being overzealous about escaping, where it erroneously is treating yy_buffer_stack as having escaped, and thus can be overwritten by external code (such as isatty and __errno_location), thus leading to it considering impossible paths where an external function sets yy_buffer_stack to NULL after the test for NULL in yyensure_buffer_stack. Am investigating.
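The code shape the comment describes, as an added C sketch that is not the reproducer from the bug report: a file-scope static pointer is made non-NULL by a helper, then external functions are called before it is dereferenced. The names `buffer_stack`, `ensure_buffer_stack`, `init_buffer` and `struct buf` are hypothetical stand-ins; because the static's address never leaves the translation unit, the external calls cannot reset it and the NULL-after-check path is infeasible.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct buf { int is_interactive; };

/* File-scope static: its address is never taken or passed out of this
   translation unit, so code in other translation units cannot write it.
   Hypothetical stand-in for yy_buffer_stack. */
static struct buf **buffer_stack;

/* Hypothetical stand-in for yyensure_buffer_stack: on return the
   pointer is guaranteed non-NULL (allocation failure aborts). */
static void ensure_buffer_stack(void)
{
    if (!buffer_stack) {
        buffer_stack = calloc(1, sizeof *buffer_stack);
        if (!buffer_stack)
            abort();
    }
}

int init_buffer(int fd)
{
    static struct buf b;
    int saved_errno = errno;   /* on glibc, errno is a call to __errno_location() */

    ensure_buffer_stack();     /* the NULL test happens in here */

    /* External call between the NULL test and the dereference. If the
       analyzer treats buffer_stack as escaped, it assumes this call may
       have stored NULL into it. */
    int tty = isatty(fd);

    buffer_stack[0] = &b;      /* the dereference that would be flagged */
    buffer_stack[0]->is_interactive = tty > 0;

    errno = saved_errno;
    return buffer_stack[0]->is_interactive;
}

int main(void)
{
    printf("interactive: %d\n", init_buffer(-1));
    return 0;
}
```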