https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108968

--- Comment #13 from Andrew Cooper <andrew.cooper3 at citrix dot com> ---
I've constructed an example which might be the knock-on effect you were worried
about?

struct domain;                          /* stand-in declarations so the snippet builds */
struct vcpu { struct domain *domain; }; /* outside Xen; not part of the posted file, */
extern struct vcpu *current;            /* which used Xen's own headers and current macro */
void foo(char *other)
{
    char *ptr = NULL;

    if ( current->domain )
        ptr = other;

    asm volatile ("cmc");

    if ( current->domain )
        ptr[0] = ~ptr[0];
}

yields

arch/x86/tmp.c: In function 'foo':
arch/x86/tmp.c:14:22: error: dereference of NULL 'ptr' [CWE-476]
[-Werror=analyzer-null-dereference]
   14 |         ptr[0] = ~ptr[0];
      |                   ~~~^~~
  'foo': events 1-5
    |
    |    8 |     if ( current->domain )
    |      |        ^
    |      |        |
    |      |        (1) following 'false' branch...
    |......
    |   11 |     asm volatile ("cmc");
    |      |     ~~~ 
    |      |     |
    |      |     (2) ...to here
    |   12 | 
    |   13 |     if ( current->domain )
    |      |        ~
    |      |        |
    |      |        (3) following 'true' branch...
    |   14 |         ptr[0] = ~ptr[0];
    |      |         ~~~       ~~~~~~
    |      |         |            |
    |      |         |            (5) dereference of NULL 'ptr'
    |      |         (4) ...to here
    |

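The path the analyzer reports above goes through two separate reads of `current->domain` with a volatile asm between them, so the 'false' branch at the first test and the 'true' branch at the second are treated as independent. The following is an added, stand-alone example (not code from this bug report, from Xen, or from the analyzer) that puts the posted shape beside a rewrite in which the pointer is read once and both tests use that one value. `struct vcpu`, `struct domain`, the `current` global and `opaque_side_effect` are stand-ins for Xen's real definitions; the `cmc` is kept on x86 and replaced by an empty volatile asm elsewhere so the file compiles on any target.

```c
#include <stddef.h>

/* Stand-ins for Xen's types and for its "current" macro (assumption:
 * a plain global here, a per-CPU lookup via inline asm in real Xen). */
struct domain { int id; };
struct vcpu { struct domain *domain; };
static struct vcpu *current;

/* A domain object for callers to point at; constructed for this example. */
static struct domain example_domain = { .id = 1 };

/* Opaque side effect between the two tests: the "cmc" from the
 * reproducer where available, an empty volatile asm on other targets. */
static inline void opaque_side_effect(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("cmc");
#else
    __asm__ __volatile__("");
#endif
}

/* Same shape as the posted reproducer: two reads of current->domain
 * around the asm.  The analyzer may follow 'false' at the first test and
 * 'true' at the second and report ptr as NULL at the dereference. */
void foo_as_posted(char *other)
{
    char *ptr = NULL;

    if ( current->domain )
        ptr = other;

    opaque_side_effect();

    if ( current->domain )
        ptr[0] = ~ptr[0];
}

/* Rewrite: read current->domain once.  The assignment to ptr and the
 * dereference now depend on the same local, so there is no path on which
 * ptr is NULL when the second test is true. */
void foo_hoisted(char *other)
{
    struct domain *d = current->domain;
    char *ptr = NULL;

    if ( d )
        ptr = other;

    opaque_side_effect();

    if ( d )
        ptr[0] = ~ptr[0];
}

/* Run either variant against a one-byte buffer holding 'in' with the
 * given domain pointer installed, and return the byte afterwards.  This
 * checks that the rewrite preserves behaviour without needing Xen. */
unsigned char run(void (*fn)(char *), struct domain *d, unsigned char in)
{
    struct vcpu v = { .domain = d };
    char buf[1] = { (char)in };

    current = &v;
    fn(buf);
    current = NULL;

    return (unsigned char)buf[0];
}

int main(void)
{
    /* With a domain present both variants flip the byte; with none
     * present neither touches it. */
    int ok = run(foo_as_posted, &example_domain, 0x0F) == 0xF0
          && run(foo_hoisted,   &example_domain, 0x0F) == 0xF0
          && run(foo_as_posted, NULL,            0x0F) == 0x0F
          && run(foo_hoisted,   NULL,            0x0F) == 0x0F;
    return ok ? 0 : 1;
}
```

At run time the two functions are equivalent; the difference is only in what a path-sensitive analyzer can infer. Whether a given GCC release still reports anything on the hoisted form is something to confirm by building the file with `-fanalyzer` (an assumption, not a result from the bug report); the point of the rewrite is that there is one read for the analyzer to reason about rather than two it may treat as unrelated.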