We have found a weakness (CWE-476) using the PVS-Studio tool. PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V595 The 'm->component' pointer was utilized before it was verified against nullptr. Check lines: 399, 407. genmodes.c 399

static void
complete_mode (struct mode_data *m)
{
  ....
  if ( m->cl == MODE_COMPLEX_INT || m->cl == MODE_COMPLEX_FLOAT)
    alignment = m->component->bytesize;        // <=
  else
    alignment = m->bytesize;

  m->alignment = alignment & (~alignment + 1);

  if (m->component)                            // <=
  {
    m->next_cont = m->component->contained;
    m->component->contained = m;
  }
}

The static analysis tool is not tracking m->cl through the switch before that well. There is a check for component being non-zero here:

    case MODE_COMPLEX_INT:
    case MODE_COMPLEX_FLOAT:
      /* Complex modes should have a component indicated, but no more.  */
      validate_mode (m, UNSET, UNSET, SET, UNSET, UNSET);

Which is before the access of m->component in the if statement.
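
The relationship discussed in this thread (a complex mode class implies a non-null component) can be stated as an explicit precondition so that the dereference is guarded on the path that reaches it. The following is an added example, not GCC code and not from either commenter: the struct is a simplified stand-in, and `component_invariant_holds` and `complete_mode_checked` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins for the genmodes.c types; only the fields used here. */
enum mode_class { MODE_INT, MODE_COMPLEX_INT, MODE_COMPLEX_FLOAT };

struct mode_data {
  enum mode_class cl;
  unsigned int bytesize;
  unsigned int alignment;
  struct mode_data *component;
  struct mode_data *contained;
  struct mode_data *next_cont;
};

/* Hypothetical check: a complex mode must name a component.
   Returns false when that invariant does not hold. */
static bool component_invariant_holds(const struct mode_data *m)
{
  bool is_complex = m->cl == MODE_COMPLEX_INT || m->cl == MODE_COMPLEX_FLOAT;
  return !is_complex || m->component != NULL;
}

/* Same shape as the reported code, but it refuses to continue when the
   invariant is broken, so m->component is never dereferenced while NULL. */
static bool complete_mode_checked(struct mode_data *m)
{
  unsigned int alignment;

  if (!component_invariant_holds(m))
    return false;

  if (m->cl == MODE_COMPLEX_INT || m->cl == MODE_COMPLEX_FLOAT)
    alignment = m->component->bytesize;
  else
    alignment = m->bytesize;

  /* Isolate the lowest set bit of the size. */
  m->alignment = alignment & (~alignment + 1);

  if (m->component) {
    m->next_cont = m->component->contained;
    m->component->contained = m;
  }
  return true;
}
```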