gcc 13 -fanalyze run with fixes / comments about false positives

2023-05-02 12:51:56 +00:00 · 2023-05-02 12:51:56 +00:00 · 4422ec3770
commit 4422ec3770
parent e98c1c426f
9 changed files with 24 additions and 12 deletions
--- a/2
+++ b/2
@ -1416,8 +1416,6 @@ srcfiles=$(foreach dir,$(srcdirs),$(wildcard $(dir)/*.c))

 compile_commands.json.tmpl: json
 	./json $(srcfiles) > $@
-#	for i in $(ALL_OBJS); do foo="{ \"directory\": \".\", \"file\": \"
-#	echo "[ > $@

 compile_commands.json: compile_commands.json.tmpl
 	sed -e 's#"@"#"$(PWD)"#' < $< > $@
--- a/critbit/critbit.c
+++ b/critbit/critbit.c
@ -120,7 +120,7 @@ different_byte_found:
  }

  newnode->child[newdirection]= *wherep;
-  *wherep= (void*)(1+(char*)newnode);
+  *wherep= (void*)(1+(char*)newnode);	// gcc -fanalyze false positive

  return 2;
 }
--- a/fmt/fmt_strm_internal.c
+++ b/fmt/fmt_strm_internal.c
@ -8,7 +8,10 @@ size_t fmt_strm_internal(char* dest, ...) {
  va_start(a,dest);
  for (n=0; (s=va_arg(a,const char*)); ) {
    size_t inc=fmt_str(dest,s);
-    if (n+inc<n) return (size_t)-1;
+    if (n+inc<n) {
+      n=(size_t)-1;
+      break;
+    }
    if (dest) dest+=inc;
    n+=inc;
  }
--- a/fmt/fmt_utf8.c
+++ b/fmt/fmt_utf8.c
@ -11,6 +11,11 @@ size_t fmt_utf8(char *dest,uint32_t n) {
      --j;
      if (dest) {
 	size_t k=j*6;
+	// gcc -fanalyze warns here that j-1 might underflow, leading to
+	// undefined behavior because right shift by more than integer
+	// width is undefined. That can't happen because both n>0x7f and
+	// i>=n would have to be true and we initialize i as 0x3f and
+	// with each iteration j is incremented. It's a false positive.
 	*dest++=(char)(((char)0xc0 >> (j-1)) | (char)(n >> k));
 	while (k) {
 	  *dest++=(char)(0x80 | ((n >> (k-6)) & 0x3f));
--- a/io/io_readfile.c
+++ b/io/io_readfile.c
@ -5,8 +5,8 @@

 int io_readfile(int64* d,const char* s) {
  long fd=open(s,O_RDONLY);
-  if (fd != -1) {
-    *d=fd;
+  if (fd != -1) {	// gcc -fanalyze false positive
+    *d=fd;	// no leak, we return in *d
    return 1;
  }
  return 0;
--- a/io/io_readwritefile.c
+++ b/io/io_readwritefile.c
@ -5,8 +5,8 @@

 int io_readwritefile(int64* d,const char* s) {
  long fd=open(s,O_RDWR);
-  if (fd != -1) {
-    *d=fd;
+  if (fd != -1) {	// gcc -fanalyze false positive
+    *d=fd;	// no leak, we return the fd in *d
    return 1;
  }
  return 0;
--- a/io/iob_prefetch.c
+++ b/io/iob_prefetch.c
@ -15,7 +15,7 @@ void iob_prefetch(io_batch* b,uint64 bytes) {
 #include <sys/mman.h>

 void iob_prefetch(io_batch* b,uint64 bytes) {
-  volatile char x;
+  volatile char x=0;
  iob_entry* e,* last;
  if (b->bytesleft==0) return;
  last=(iob_entry*)(((char*)array_start(&b->b))+array_bytes(&b->b));
--- a/scan/scan_utf8_sem.c
+++ b/scan/scan_utf8_sem.c
@ -3,6 +3,9 @@
 size_t scan_utf8_sem(const char* in,size_t len,uint32_t* num) {
  size_t r=scan_utf8(in,len,num);
  if (r>0) {
+    // gcc -fanalyze warns here that we are reading undefined values
+    // from *num which is declared as write only. That is a false
+    // positive because we just called scan_utf8 which writes there.
    if (*num>=0xd800 && *num<=0xdfff) return 0;
    if ((*num&0xfffe)==0xfffe) return 0;
    if (*num>=0xfdd0 && *num<=0xfdef) return 0;
--- a/stralloc/stralloc_catm_internal.c
+++ b/stralloc/stralloc_catm_internal.c
@ -9,9 +9,12 @@ int stralloc_catm_internal(stralloc* sa, ...) {
  va_start(a,sa);
  while ((s=va_arg(a,const char*))) {
    size_t tmp = strlen(s);
-    if (n + tmp < n) return 0;	// integer overflow
-    // integer overflow should not be possible, but someone could pass
-    // the same string twice to provoke it. Better check than sorry.
+    if (n + tmp < n) {
+      va_end(a);
+      return 0;	// integer overflow
+      // integer overflow should not be possible, but someone could pass
+      // the same string twice to provoke it. Better check than sorry.
+    }
    n += tmp;
  }
  va_end(a);