https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97893

            Bug ID: 97893
           Summary: Analyzer should only use CWE 690 when null ptr is from
                    a function return
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

From an email from a user:

> -Wanalyzer-possible-null-dereference reports CWE-690. If we
> know that the NULL is the result of a function returning NULL, then 690 is
> correct.  Otherwise, 476 is the parent of 690 which means it's a more
> generalized classification for all NULL ptr dereferences. So, it's probably 
> what we want for less specific kinds of dereferences.

Internally, 690 is used unconditionally by possible_null_deref::emit,
possible_null_arg::emit, null_deref::emit, and null_arg::emit.
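
The distinction the quoted email draws, as an added C example (not code from the report or from GCC; all function names are hypothetical): one dereference whose NULL can only come from an unchecked function return (CWE-690, Unchecked Return Value to NULL Pointer Dereference), one whose NULL is a literal that no function returned (the more general CWE-476, NULL Pointer Dereference), each beside a checked form.

```c
#include <stdio.h>
#include <stdlib.h>

/* CWE-690 shape: the only source of NULL is malloc()'s return value,
   which is used without being checked. */
int *box_unchecked(int v)
{
    int *p = malloc(sizeof *p);
    *p = v;                     /* p is NULL here if malloc() failed */
    return p;
}

/* Checked form: the failure is handed back to the caller. */
int *box_checked(int v)
{
    int *p = malloc(sizeof *p);
    if (p == NULL)
        return NULL;
    *p = v;
    return p;
}

/* CWE-476 shape: the NULL is a literal left in place on one path;
   no function returned it, so CWE-690 does not describe it. */
int first_byte_unchecked(const char *buf, int use_buf)
{
    const char *p = NULL;
    if (use_buf)
        p = buf;
    return p[0];                /* NULL dereference when use_buf == 0 */
}

/* Checked form: -1 signals "no buffer selected". */
int first_byte_checked(const char *buf, int use_buf)
{
    const char *p = use_buf ? buf : NULL;
    return p ? (unsigned char)p[0] : -1;
}

int main(void)
{
    int *b = box_checked(42);   /* only the safe paths are exercised */
    printf("%d %d\n", b ? *b : -1, first_byte_checked("A", 0));
    free(b);
    return 0;
}
```

Compiling this file with `gcc -fanalyzer` is a way to see which CWE the analyzer attaches to each of the two unchecked functions.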
