diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2022-11-30 21:26:43 -0500 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2022-11-30 21:26:43 -0500 |
| commit | 1d86af242bc4a8e68aebf1f3b8c985f2d17fa791 (patch) | |
| tree | 2353c4d7393853014fc9ec47f9582da896238a27 /gcc/diagnostic-path.h | |
| parent | df460cf51b25868564dd2628a399b8c874ef309c (diff) | |
| download | gcc-1d86af242bc4a8e68aebf1f3b8c985f2d17fa791.tar.gz | |
diagnostics: tweak diagnostic_path::interprocedural_p [PR106626]
The region-creation event at the start of...
<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
14 | arr[10] = x;
| ~~~~~~~~^~~
event 1
|
| 10 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_off_by_one': events 2-3
|
| 12 | void int_arr_write_element_after_end_off_by_one(int32_t x)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) entry to 'int_arr_write_element_after_end_off_by_one'
| 13 | {
| 14 | arr[10] = x; /* { dg-line line } */
| | ~~~~~~~~~~~
| | |
| | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
|
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
14 | arr[10] = x;
| ~~~~~~~~^~~
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'
...makes diagnostic_manager::finish_pruning consider the path to be
interprocedural, and so it doesn't prune the function entry event.
This patch tweaks diagnostic_path::interprocedural_p to ignore
leading events outside of any function, so that it considers the
path to be intraprocedural, and thus diagnostic_manager::finish_pruning
prunes the function entry event, leading to this simpler output:
<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
14 | arr[10] = x;
| ~~~~~~~~^~~
event 1
|
| 10 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_off_by_one': event 2
|
| 14 | arr[10] = x;
| | ~~~~~~~~^~~
| | |
| | (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
|
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'
gcc/ChangeLog:
PR analyzer/106626
* diagnostic-path.h
(diagnostic_path::get_first_event_in_a_function): New decl.
* diagnostic.cc (diagnostic_path::get_first_event_in_a_function):
New.
(diagnostic_path::interprocedural_p): Ignore leading events that
are outside of any function.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc/diagnostic-path.h')
| -rw-r--r-- | gcc/diagnostic-path.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/gcc/diagnostic-path.h b/gcc/diagnostic-path.h index 8ce4ff763d4..aa5cda8c23a 100644 --- a/gcc/diagnostic-path.h +++ b/gcc/diagnostic-path.h @@ -167,6 +167,9 @@ class diagnostic_path virtual const diagnostic_event & get_event (int idx) const = 0; bool interprocedural_p () const; + +private: + bool get_first_event_in_a_function (unsigned *out_idx) const; }; /* Concrete subclasses. */ |