https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108251
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Adding -fanalyzer-verbosity=3 to comment #2, I get:
../../src/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: In function
‘smp_fetch_ssl_fc_has_early’:
../../src/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c:92:27: warning:
dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
92 | smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
| ~~~~^~~~~~~
‘smp_fetch_ssl_fc_has_early’: events 1-2
|
| 78 | smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample
*smp, const char *kw, void *private)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘smp_fetch_ssl_fc_has_early’
|......
| 83 | conn = objt_conn(smp->sess->origin);
| | ~
| | |
| | (2) inlined call to ‘objt_conn’ from
‘smp_fetch_ssl_fc_has_early’
|
+--> ‘objt_conn’: event 3
|
| 63 | if (!t || *t != OBJ_TYPE_CONN)
| | ^
| | |
| | (3) following ‘true’ branch...
|
<------+
|
‘smp_fetch_ssl_fc_has_early’: event 4
|
|cc1:
| (4): ...to here
|
‘smp_fetch_ssl_fc_has_early’: events 5-7
|
| 85 | if (!ssl)
| | ^
| | |
| | (5) following ‘false’ branch (when ‘ssl’ is non-NULL)...
|......
| 88 | smp->flags = 0;
| | ~~~~~~~~~~~~~~
| | |
| | (6) ...to here
|......
| 92 | smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
| | ~~~~~~~~~~~
| | |
| | (7) dereference of NULL ‘<unknown>’
|
which is slightly clearer; arguably we shouldn't have pruned events 2-4 from
this at the lower verbosity level, since it's really hard to figure out what
the analyzer is "thinking" in comment #2.
