Bug 80049 - gcc/genmodes.c: PVS-Studio: NULL Pointer Dereference (CWE-476)
Summary: gcc/genmodes.c: PVS-Studio: NULL Pointer Dereference (CWE-476)
Status: RESOLVED INVALID
Alias: None
Product: gcc
Classification: Unclassified
Component: other
Version: 7.0.1
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: diagnostic
Depends on:
Blocks: cppcheck
Reported: 2017-03-15 14:53 UTC by Phillip Khandeliants
Modified: 2021-08-24 19:41 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:


Attachments

Description Phillip Khandeliants 2017-03-15 14:53:53 UTC
We have found a weakness (CWE-476) using the PVS-Studio tool. PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V595 The 'm->component' pointer was utilized before it was verified against nullptr. Check lines: 399, 407. genmodes.c 399

static void complete_mode (struct mode_data *m)
{
  ....
  if (   m->cl == MODE_COMPLEX_INT
      || m->cl == MODE_COMPLEX_FLOAT)
    alignment = m->component->bytesize;        // <= line 399: dereference
  else
    alignment = m->bytesize;

  m->alignment = alignment & (~alignment + 1);

  if (m->component)                            // <= line 407: null check
    {
      m->next_cont = m->component->contained;
      m->component->contained = m;
    }
}
Comment 1 Andrew Pinski 2021-08-24 19:41:04 UTC
The static analysis tool is not tracking m->cl through the switch before that well.


There is a check for component being non-zero here:
    case MODE_COMPLEX_INT:
    case MODE_COMPLEX_FLOAT:
      /* Complex modes should have a component indicated, but no more.  */
      validate_mode (m, UNSET, UNSET, SET, UNSET, UNSET);


Which is before the access of m->component in the if statement.
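The following is an added, reduced model of the code path discussed above; it is not GCC's genmodes.c and was written for this page. It keeps the names from the report (mode_data, complete_mode, validate_mode, the MODE_* classes and the SET/UNSET requirements) but models only the component field, and it makes validation return a boolean on which complete_mode returns early; that short-circuit is an assumption made here to keep the model self-contained. The point it demonstrates is the one in Comment 1: on every path that reaches the alignment computation with a complex class, the switch has already required m->component to be set, so the later `if (m->component)` does not make the earlier dereference unsafe. The helper functions at the end drive the model on constructed input.

```c
/* Added example, not GCC's genmodes.c.  Reduced model of complete_mode ()
   showing why the V595 "used before checked" report is a false positive.  */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum mode_class { MODE_INT, MODE_FLOAT, MODE_COMPLEX_INT, MODE_COMPLEX_FLOAT };
enum requirement { SET, UNSET, OPTIONAL };

struct mode_data
{
  const char *name;
  enum mode_class cl;
  unsigned int bytesize;
  unsigned int alignment;
  struct mode_data *component;   /* element mode of a complex mode, else NULL */
  struct mode_data *contained;   /* head of the list of modes built from this one */
  struct mode_data *next_cont;
};

/* Check one pointer field against its requirement.  */
static bool
check_field (const void *value, enum requirement r)
{
  switch (r)
    {
    case SET:      return value != NULL;
    case UNSET:    return value == NULL;
    case OPTIONAL: return true;
    }
  return false;
}

/* Reduced validate_mode (): only the component requirement is modelled.
   Returning false here (instead of recording an error) is an assumption
   of this example.  */
static bool
validate_mode (struct mode_data *m, enum requirement r_component)
{
  return check_field (m->component, r_component);
}

/* Returns false when validation rejects the mode.  The switch is what a
   flow-insensitive reading of the later "if (m->component)" misses: for
   the complex classes it has already established m->component != NULL.  */
static bool
complete_mode (struct mode_data *m)
{
  unsigned int alignment;

  switch (m->cl)
    {
    case MODE_INT:
    case MODE_FLOAT:
      /* Scalar modes must not have a component.  */
      if (!validate_mode (m, UNSET))
        return false;
      break;

    case MODE_COMPLEX_INT:
    case MODE_COMPLEX_FLOAT:
      /* Complex modes should have a component indicated, but no more.  */
      if (!validate_mode (m, SET))
        return false;
      m->bytesize = 2 * m->component->bytesize;
      break;
    }

  if (m->cl == MODE_COMPLEX_INT || m->cl == MODE_COMPLEX_FLOAT)
    alignment = m->component->bytesize;   /* non-NULL: validated in the switch */
  else
    alignment = m->bytesize;

  /* Largest power of two dividing the size: isolate the lowest set bit.  */
  m->alignment = alignment & (~alignment + 1);

  /* Link this mode into its component's "contained" list, if it has one.  */
  if (m->component)
    {
      m->next_cont = m->component->contained;
      m->component->contained = m;
    }
  return true;
}

/* Constructed input: a 4-byte integer mode and a complex mode built from it.
   Returns the complex mode's alignment, or 0 if the model misbehaved.  */
unsigned int
example_complex_alignment (void)
{
  struct mode_data si  = { "SI",  MODE_INT,         4, 0, NULL, NULL, NULL };
  struct mode_data csi = { "CSI", MODE_COMPLEX_INT, 0, 0, &si,  NULL, NULL };
  if (!complete_mode (&si) || !complete_mode (&csi))
    return 0;
  if (csi.bytesize != 8 || si.contained != &csi)
    return 0;
  return csi.alignment;
}

/* A complex mode with no component is rejected before any dereference.  */
bool
example_rejects_missing_component (void)
{
  struct mode_data bad = { "CBAD", MODE_COMPLEX_FLOAT, 0, 0, NULL, NULL, NULL };
  return !complete_mode (&bad);
}

/* Alignment of a scalar mode of the given size.  */
unsigned int
example_scalar_alignment (unsigned int bytesize)
{
  struct mode_data m = { "X", MODE_INT, bytesize, 0, NULL, NULL, NULL };
  return complete_mode (&m) ? m.alignment : 0;
}

int
main (void)
{
  printf ("complex alignment: %u\n", example_complex_alignment ());
  printf ("missing component rejected: %d\n", example_rejects_missing_component ());
  printf ("alignment of a 12-byte scalar: %u\n", example_scalar_alignment (12));
  return 0;
}
```

The dereference on the complex path is reachable only after the SET requirement has passed, which is the property the analyzer would need path-sensitive tracking of m->cl to see; the `if (m->component)` at the end exists for the scalar cases, where the component is legitimately NULL.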