blob: 320044753a183e94b46f4d7ad4998a83cc9336bc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
/* Example of a multilevel wrapper around malloc, with an unchecked write. */
/* { dg-additional-options "-fdiagnostics-show-line-numbers -fdiagnostics-path-format=inline-events -fanalyzer-checker=malloc -fdiagnostics-show-caret" } */
/* { dg-enable-nn-line-numbers "" } */
#include <stdlib.h>
void *wrapped_malloc (size_t size)
{
return malloc (size);
}
typedef struct boxed_int
{
int i;
} boxed_int;
boxed_int *
make_boxed_int (int i)
{
boxed_int *result = (boxed_int *)wrapped_malloc (sizeof (boxed_int));
result->i = i; /* { dg-warning "dereference of possibly-NULL 'result'" } */
return result;
}
/* "dereference of possibly-NULL 'result' [CWE-690]". */
/* { dg-begin-multiline-output "" }
NN | result->i = i;
| ~~~~~~~~~~^~~
'make_boxed_int': events 1-2
|
| NN | make_boxed_int (int i)
| | ^~~~~~~~~~~~~~
| | |
| | (1) entry to 'make_boxed_int'
| NN | {
| NN | boxed_int *result = (boxed_int *)wrapped_malloc (sizeof (boxed_int));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'wrapped_malloc' from 'make_boxed_int'
|
+--> 'wrapped_malloc': events 3-4
|
| NN | void *wrapped_malloc (size_t size)
| | ^~~~~~~~~~~~~~
| | |
| | (3) entry to 'wrapped_malloc'
| NN | {
| NN | return malloc (size);
| | ~~~~~~~~~~~~~
| | |
| | (4) this call could return NULL
|
<------+
|
'make_boxed_int': events 5-6
|
| NN | boxed_int *result = (boxed_int *)wrapped_malloc (sizeof (boxed_int));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) possible return of NULL to 'make_boxed_int' from 'wrapped_malloc'
| NN | result->i = i;
| | ~~~~~~~~~~~~~
| | |
| | (6) 'result' could be NULL: unchecked value from (4)
|
{ dg-end-multiline-output "" } */
|
