https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105285
--- Comment #1 from Ævar Arnfjörð Bjarmason <avarab at gmail dot com> --- Created attachment 52814 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52814&action=edit A patch to git.git that works around the -fanalyzer false positive A fix to git.git to work around the analyzer false positive, this diff on top shows an annotated path through the program it thinks we'd take. 24 and 28 can't be true/false false/true, only false/false true/true. diff --git a/reftable/reader.c b/reftable/reader.c index ea66771165f..d3a4639d6ca 100644 --- a/reftable/reader.c +++ b/reftable/reader.c @@ -61,6 +61,9 @@ static int reader_get_block(struct reftable_block *dest, uint32_t sz, const uint64_t off, const uint64_t r_size) { + if (off >= r_size) /* (28) following ‘true’ branch (when ‘off >= r_size’)... */ + return 0; + if (off + sz > r_size) { sz = r_size - off; } @@ -288,13 +291,14 @@ int reader_init_block_reader(struct reftable_reader *r, struct block_reader *br, uint32_t header_off = next_off ? 0 : header_size(r->version); int32_t block_size = 0; - if (next_off >= r_size) + if (next_off >= r_size) /* (24) following ‘false’ branch (when ‘next_off < r_size’)... */ return 1; err = reader_get_block(&block, &r->source, next_off, guess_block_size, r_size); - if (err < 0) + if (err < 0) /* (31) following ‘false’ branch (when ‘err >= 0’)... */ goto done; + /* We'll supposedly deference NULL block.data[0] here ... */ block_size = extract_block_size(block.data, &block_typ, next_off, r->version); if (block_size < 0) {
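Review bot: The early `return 0` added at the top of reader_get_block reports success while leaving `dest` untouched, and nothing in the hunk says what a zero return means to callers. A short comment above the guard would pin the contract, for example `/* At or past the end of the table: nothing to read, dest is not filled in. */`. With `off < r_size` now guaranteed, the clamp below could also be written `if (sz > r_size - off)`, which avoids forming the sum `off + sz` and so cannot wrap for very large 64-bit offsets. The function body continues past the end of the hunk, so how the clamped `sz` is used afterwards is not visible here.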
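Review bot: After the call to `reader_get_block`, only `err < 0` is treated as failure, so a zero return from that function's `off >= r_size` guard would fall through to `extract_block_size(block.data, ...)` with `block` never filled in. That path is excluded only because `next_off >= r_size` is tested a few lines earlier with the same operands, and the code does not say that the two checks depend on each other. I would record that where the annotation comment was added, e.g. `/* reader_get_block() cannot return 0 here: next_off < r_size was checked above */`, and correct "deference" to "dereference" if the existing comment is kept. Whether `block` is zero-initialised at its declaration is outside the hunk, as are the start and end of reader_init_block_reader.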