From f3f312b535f57b5773953746f6ad0d890ce09b88 Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Wed, 18 Nov 2020 15:53:36 -0500
Subject: [PATCH] analyzer: only use CWE-690 for unchecked return value [PR97893]
CWE-690 is only for dereferencing an unchecked return value; for other kinds of NULL dereference, use the parent classification, CWE-476. gcc/analyzer/ChangeLog: PR analyzer/97893 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than CWE-690, as this isn't due to an unchecked return value. (null_arg::emit): Likewise. gcc/testsuite/ChangeLog: PR analyzer/97893 * gcc.dg/analyzer/malloc-1.c: Add CWE-690 and CWE-476 codes to expected output.
---
 gcc/analyzer/sm-malloc.cc | 8 +++----
 gcc/testsuite/gcc.dg/analyzer/malloc-1.c | 30 ++++++++++++------------
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index fd12a358176..4c387381137 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -675,9 +675,9 @@ public:
 bool emit (rich_location *rich_loc) FINAL OVERRIDE {
- /* CWE-690: Unchecked Return Value to NULL Pointer Dereference. */
+ /* CWE-476: NULL Pointer Dereference. */
 diagnostic_metadata m;
- m.add_cwe (690);
+ m.add_cwe (476);
 return warning_meta (rich_loc, m, OPT_Wanalyzer_null_dereference, "dereference of NULL %qE", m_arg);
@@ -723,10 +723,10 @@ public:
 bool emit (rich_location *rich_loc) FINAL OVERRIDE {
- /* CWE-690: Unchecked Return Value to NULL Pointer Dereference. */
+ /* CWE-476: NULL Pointer Dereference. */
 auto_diagnostic_group d; diagnostic_metadata m;
- m.add_cwe (690);
+ m.add_cwe (476);
 bool warned; if (zerop (m_arg))
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
index 38ce1a52987..c5bf1227c55 100644
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
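Review bot: The replacement comment in null_deref::emit, `/* CWE-476: NULL Pointer Dereference. */`, names the new code but not why 690 no longer applies; that reasoning exists only in the commit message. The CWE id is attached to the diagnostic's metadata and is presumably what consumers of the warning use to classify findings, so I would record the distinction where the code is chosen, e.g. `/* CWE-476: NULL Pointer Dereference.  Not CWE-690: this is not due to an unchecked return value.  */`. The same applies to the identical comment in null_arg::emit in the next hunk. Both emit bodies start or end outside their hunks.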
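Review bot: The switch to `m.add_cwe (476)` in null_arg::emit is not pinned by any expectation updated in this patch. The malloc-1.c hunks add `\\\[CWE-476\\\]` only to "dereference of NULL" warnings, and every "where non-null expected" expectation they touch is the possibly-NULL form tagged CWE-690. Because dg-warning patterns are unanchored regular expressions, an existing expectation for the NULL-argument diagnostic that carries no CWE suffix would keep passing whichever code is emitted. I would add or extend a test that passes a known-NULL pointer to a non-null parameter and expects the `\\\[CWE-476\\\]` suffix. The body of emit continues past `if (zerop (m_arg))`, outside the hunk, so each branch may need its own expectation.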
@@ -30,14 +30,14 @@ void test_2a (void *ptr)
 int *test_3 (void) { int *ptr = (int *)malloc (sizeof (int));
- *ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
+ *ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
 return ptr; } int *test_3a (void) { int *ptr = (int *)__builtin_malloc (sizeof (int));
- *ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
+ *ptr = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
 return ptr; }
@@ -47,7 +47,7 @@ int *test_4 (void)
 if (ptr) *ptr = 42; else
- *ptr = 43; /* { dg-warning "dereference of NULL 'ptr'" } */
+ *ptr = 43; /* { dg-warning "dereference of NULL 'ptr' \\\[CWE-476\\\]" } */
 return ptr; }
@@ -260,14 +260,14 @@ void test_22 (void)
 int *test_23 (int n) { int *ptr = (int *)calloc (n, sizeof (int));
- ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
+ ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
 return ptr; } int *test_23a (int n) { int *ptr = (int *)__builtin_calloc (n, sizeof (int));
- ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr'" } */
+ ptr[0] = 42; /* { dg-warning "dereference of possibly-NULL 'ptr' \\\[CWE-690\\\]" } */
 return ptr; }
@@ -302,7 +302,7 @@ struct coord {
 struct coord *test_27 (void) { struct coord *p = (struct coord *) malloc (sizeof (struct coord)); /* { dg-message "this call could return NULL" } */
- p->x = 0.f; /* { dg-warning "dereference of possibly-NULL 'p'" } */
+ p->x = 0.f; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
 /* Only the first such usage should be reported: */ p->y = 0.f;
@@ -313,7 +313,7 @@ struct coord *test_27 (void)
 struct coord *test_28 (void) { struct coord *p = NULL;
- p->x = 0.f; /* { dg-warning "dereference of NULL 'p'" } */
+ p->x = 0.f; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
 /* Only the first such usage should be reported: */ p->y = 0.f;
@@ -416,7 +416,7 @@ void test_36 (void)
 void *test_37a (void) { void *ptr = malloc(4096); /* { dg-message "this call could return NULL" } */
- __builtin_memset(ptr, 0, 4096); /* { dg-warning "use of possibly-NULL 'ptr' where non-null expected" } */
+ __builtin_memset(ptr, 0, 4096); /* { dg-warning "use of possibly-NULL 'ptr' where non-null expected \\\[CWE-690\\\]" } */
 return ptr; }
@@ -427,7 +427,7 @@ int test_37b (void)
 if (p) { __builtin_memset(p, 0, 4096); /* Not a bug: checked */ } else {
- __builtin_memset(q, 0, 4096); /* { dg-warning "use of possibly-NULL 'q' where non-null expected" } */
+ __builtin_memset(q, 0, 4096); /* { dg-warning "use of possibly-NULL 'q' where non-null expected \\\[CWE-690\\\]" } */
 } free(p); free(q);
@@ -452,7 +452,7 @@ int *
 test_39 (int i) { int *p = (int*)malloc(sizeof(int*)); /* { dg-message "this call could return NULL" } */
- *p = i; /* { dg-warning "dereference of possibly-NULL 'p'" } */
+ *p = i; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
 return p; }
@@ -460,7 +460,7 @@ int *
 test_40 (int i) { int *p = (int*)malloc(sizeof(int*));
- i = *p; /* { dg-warning "dereference of possibly-NULL 'p'" } */
+ i = *p; /* { dg-warning "dereference of possibly-NULL 'p' \\\[CWE-690\\\]" } */
 /* TODO: (it's also uninitialized) */ return p; }
@@ -476,8 +476,8 @@ test_41 (int flag)
 buffer = NULL; }
- buffer[0] = 'a'; /* { dg-warning "dereference of possibly-NULL 'buffer'" "possibly-NULL" } */
- /* { dg-warning "dereference of NULL 'buffer'" "NULL" { target *-*-* } .-1 } */
+ buffer[0] = 'a'; /* { dg-warning "dereference of possibly-NULL 'buffer' \\\[CWE-690\\\]" "possibly-NULL" } */
+ /* { dg-warning "dereference of NULL 'buffer' \\\[CWE-476\\\]" "NULL" { target *-*-* } .-1 } */
 return buffer; }
@@ -594,7 +594,7 @@ int test_47 (void)
 void test_48 (void) { int *p = NULL; /* { dg-message "'p' is NULL" } */
- *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+ *p = 1; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
 } /* As test_48, but where the assignment of NULL is not at the start of a BB. */
@@ -606,6 +606,6 @@ int test_49 (int i)
 x = i * 2; p = NULL; /* { dg-message "'p' is NULL" } */
- *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+ *p = 1; /* { dg-warning "dereference of NULL 'p' \\\[CWE-476\\\]" } */
 return x; }
--
2.30.2