https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105947
Bug ID: 105947
Summary: RFE: -fanalyzer should complain about jumps through NULL function pointers
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---

-fanalyzer already complains about jumps through uninitialized function pointers:

uninit-1.c: In function ‘calling_uninit_fn_ptr_2’:
uninit-1.c:140:10: warning: use of uninitialized value ‘fn_ptr’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  140 |   return fn_ptr ();
      |          ^~~~~~~~~
  ‘calling_uninit_fn_ptr_2’: events 1-2
    |
    |  139 |   int (*fn_ptr) (void);
    |      |         ^~~~~~
    |      |         |
    |      |         (1) region created on stack here
    |  140 |   return fn_ptr ();
    |      |          ~~~~~~~~~
    |      |          |
    |      |          (2) use of uninitialized value ‘fn_ptr’ here
    |

but it fails to complain about jumps through NULL function pointers, e.g. it is silent for:

$ cat gcc/testsuite/gcc.dg/analyzer/function-ptr-5.c
#define NULL ((void *)0)

void calling_null_fn_ptr_1 (void)
{
  void (*fn_ptr) (void) = NULL;
  fn_ptr ();
}

int calling_uninit_fn_ptr_2 (void)
{
  int (*fn_ptr) (void) = NULL;
  return fn_ptr ();
}

We should complain about jumps through known-to-be-NULL function pointers (probably with a new warning e.g. -Wanalyzer-jump-through-null or somesuch).

Compare with: https://clang.llvm.org/docs/analyzer/checkers.html#core-callandmessage-c-c-objc

Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] [meta-bug] clang analyzer warnings that GCC's -fanalyzer could implement
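The report's test case calls a function pointer that is known to be NULL, which is undefined behaviour and in practice a crash; until the analyzer flags it, the only protection is a check at the call site. The following is an added example, not code from the bug report or from GCC's testsuite: a small dispatch table in which one slot is deliberately unset, with the unchecked call kept in a comment and a hardened `dispatch_safe()` that refuses NULL slots and out-of-range operations. The names (`handler_fn`, `dispatch_safe`, `table`, the `OP_*` constants) are hypothetical.

```c
/* Added example, not part of the bug report: a dispatch table whose slots
 * may legitimately be NULL, and a call site that checks before jumping.
 * All identifiers here are hypothetical.
 * Build with: gcc -std=c99 -Wall -fanalyzer dispatch.c */
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int arg);

static int handle_add_one(int arg) { return arg + 1; }
static int handle_double(int arg)  { return arg * 2; }

enum { OP_ADD_ONE = 0, OP_DOUBLE = 1, OP_UNSET = 2, OP_COUNT = 3 };

/* Slot OP_UNSET is intentionally left NULL: "no handler installed" is a
 * valid state for this table, so every caller must be prepared for it. */
static const handler_fn table[OP_COUNT] = {
    [OP_ADD_ONE] = handle_add_one,
    [OP_DOUBLE]  = handle_double,
    [OP_UNSET]   = NULL,
};

/* Hardened dispatch.  Returns 0 and stores the handler's result in *out on
 * success; returns -1 without calling anything when the operation is out of
 * range or its slot is NULL. */
int dispatch_safe(int op, int arg, int *out)
{
    if (op < 0 || op >= OP_COUNT)
        return -1;
    handler_fn fn = table[op];
    if (fn == NULL)      /* the check the report wants -fanalyzer to demand */
        return -1;
    *out = fn(arg);
    return 0;
}

/* The pattern the report is about, kept out of the executable path:
 *
 *   int dispatch_unchecked(int op, int arg) { return table[op](arg); }
 *
 * With op == OP_UNSET this jumps through a NULL function pointer, exactly
 * like calling_null_fn_ptr_1() in function-ptr-5.c. */

int main(void)
{
    int result;
    for (int op = 0; op < OP_COUNT; op++) {
        if (dispatch_safe(op, 20, &result) == 0)
            printf("op %d -> %d\n", op, result);
        else
            printf("op %d -> no handler installed\n", op);
    }
    return 0;
}
```

Running it prints results for the two populated slots and "no handler installed" for the third instead of crashing; the analyzer can only report the unchecked variant once it tracks NULL-valued function pointers, which is what the report asks for.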