https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107733

            Bug ID: 107733
           Summary: GCC - -Wanalyzer-null-dereference false positive with
                    wrong path note "(3) 'e' is NULL" and inconsistent
                    behaviors
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: geoffreydgr at icloud dot com
  Target Milestone: ---

I got a false positive warning when compiling the following program with
`gcc(trunk) -fanalyzer -O0` in https://godbolt.org/z/YbeGcc5cd. After
deleting `int *d = 0;`, the NPD disappears. I think it is ok for gcc to emit
this FP warning, but deleting the unrelated code `int *d = 0;` should not
affect the result. And the path note `(3) 'e' is NULL` is wrong; this may
suggest some problems.

I have tried this with gcc 12, gcc 11, and gcc 10, and all of them show this
phenomenon.

Program:
```c
#include <stdio.h>
void a( int* e) {
  printf("NPD_FLAG\n");
  if(e == 0){
       int *d = 0;   /* unused; deleting this line makes the warning disappear */
        *e = 1;      /* the reported NULL dereference; only reachable when e == 0 */
  }
}
int main() {
    int i = 5;
    a(&i);           /* the only caller passes a non-NULL pointer */
}
```
Warning:
```text
<source>: In function 'a':
<source>:6:12: warning: dereference of NULL 'e' [CWE-476] [-Wanalyzer-null-dereference]
    6 |         *e = 1;
      |         ~~~^~~
  'a': events 1-4
    |
    |    4 |   if(e == 0){
    |      |     ^
    |      |     |
    |      |     (1) following 'true' branch (when 'e' is NULL)...
    |    5 |        int *d = 0;
    |      |             ~
    |      |             |
    |      |             (2) ...to here
    |      |             (3) 'e' is NULL
    |    6 |         *e = 1;
    |      |         ~~~~~~
    |      |            |
    |      |            (4) dereference of NULL 'e'
    |
```
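As an added reproduction helper (not part of the bug report), the following POSIX shell script writes the reporter's test case with and without the unused `int *d = 0;` line, runs each variant through `gcc -fanalyzer -O0`, and counts the `-Wanalyzer-null-dereference` diagnostics so the inconsistency can be re-checked against whatever GCC is installed. It assumes a GCC 10 or newer `gcc` on PATH and skips the comparison otherwise.

```shell
#!/bin/sh
# Added reproduction helper for PR 107733; not part of the bug report.
# Assumes a GCC with -fanalyzer (GCC 10 or newer) is on PATH as `gcc`.
set -e

WORK="${TMPDIR:-/tmp}/pr107733.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Return 0 when the installed gcc accepts -fanalyzer, non-zero otherwise.
has_analyzer() {
    gcc -fanalyzer -fsyntax-only -x c /dev/null >/dev/null 2>&1
}

# Write the reporter's test case to file $2. With $1 = "with" the unused
# `int *d = 0;` line is kept; with "without" it is dropped, which is the
# single change the report says makes the warning disappear.
write_variant() {
    {
        printf '%s\n' '#include <stdio.h>' 'void a(int *e) {' \
            '  printf("NPD_FLAG\n");' '  if (e == 0) {'
        if [ "$1" = with ]; then printf '%s\n' '    int *d = 0;'; fi
        printf '%s\n' '    *e = 1;' '  }' '}' \
            'int main(void) { int i = 5; a(&i); return 0; }'
    } > "$2"
}

# Print how many -Wanalyzer-null-dereference diagnostics gcc emits for
# source file $1, using the reporter's flags (-fanalyzer -O0).
count_npd() {
    gcc -fanalyzer -O0 -c -o /dev/null "$1" 2>&1 \
        | grep -c -- '-Wanalyzer-null-dereference' || true
}

# Build both variants and report the warning count for each.
compare_variants() {
    write_variant with "$WORK/with.c"
    write_variant without "$WORK/without.c"
    for v in with without; do
        printf '%s: %s null-dereference warning(s)\n' \
            "$v" "$(count_npd "$WORK/$v.c")"
    done
}

if has_analyzer; then
    compare_variants
else
    echo 'gcc -fanalyzer not available; nothing to compare' >&2
fi
```

With the GCC versions named in the report, the two lines are expected to differ (one warning with the unused local, none without); a later GCC that has changed this behaviour will show it here.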
