https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106394
Bug ID: 106394
Summary: Possible false positive from -Wanalyzer-allocation-size with empty array
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
CC: tlange at gcc dot gnu.org
Blocks: 106358
Target Milestone: ---

Given:

struct msm_gpu {
  // [...snip...]
  const struct msm_gpu_perfcntr *perfcntrs;
  // [...snip...]
};

struct msm_gpu_perfcntr {
  // [...snip...]
  const char *name;
};

static const struct msm_gpu_perfcntr perfcntrs[] = {};

struct msm_gpu *test(struct msm_gpu *gpu) {
  // [...snip...]
  gpu->perfcntrs = perfcntrs;
  // [...snip...]
  return gpu;
}

I see this with -fanalyzer and trunk:

../../src/a2xx_gpu.c: In function ‘test’:
../../src/a2xx_gpu.c:16:18: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size]
   16 |   gpu->perfcntrs = perfcntrs;
      |   ~~~~~~~~~~~~~~~^~~~~~~~~~~
  event 1
    |
    |   12 | static const struct msm_gpu_perfcntr perfcntrs[] = {};
    |      |                                      ^~~~~~~~~
    |      |                                      |
    |      |                                      (1) allocated 0 bytes here
    |
    +--> ‘test’: events 2-3
           |
           |   14 | struct msm_gpu *test(struct msm_gpu *gpu) {
           |      |                 ^~~~
           |      |                 |
           |      |                 (2) entry to ‘test’
           |   15 |   // [...snip...]
           |   16 |   gpu->perfcntrs = perfcntrs;
           |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |   |
           |      |   (3) assigned to ‘const struct msm_gpu_perfcntr *’ here; ‘sizeof (const struct msm_gpu_perfcntr)’ is ‘8’
           |

which looks like a false positive.
Reduced from Linux kernel's drivers/gpu/drm/msm/adreno/a2xx_gpu.c: function ‘a2xx_gpu_init’:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/msm/adreno/a2xx_gpu.c#n521
which has:

drivers/gpu/drm/msm/adreno/a2xx_gpu.c: In function ‘a2xx_gpu_init’:
drivers/gpu/drm/msm/adreno/a2xx_gpu.c:521:24: error: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Werror=analyzer-allocation-size]
  521 |         gpu->perfcntrs = perfcntrs;
      |         ~~~~~~~~~~~~~~~^~~~~~~~~~~
  event 1
    |
    |  493 | static const struct msm_gpu_perfcntr perfcntrs[] = {
    |      |                                      ^~~~~~~~~
    |      |                                      |
    |      |                                      (1) allocated 0 bytes here
    |
    +--> ‘a2xx_gpu_init’: events 2-7
           |
           |  497 | struct msm_gpu *a2xx_gpu_init(struct drm_device *dev)
           |      |                 ^~~~~~~~~~~~~
           |      |                 |
           |      |                 (2) entry to ‘a2xx_gpu_init’
           |......
           |  506 |         if (!pdev) {
           |      |         ~
           |      |         |
           |      |         (3) following ‘false’ branch (when ‘pdev’ is non-NULL)...
           |......
           |  512 |         a2xx_gpu = kzalloc(sizeof(*a2xx_gpu), GFP_KERNEL);
           |      |                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                    |
           |      |                    (4) ...to here
           |  513 |         if (!a2xx_gpu) {
           |      |         ~
           |      |         |
           |      |         (5) following ‘false’ branch (when ‘a2xx_gpu’ is non-NULL)...
           |......
           |  518 |         adreno_gpu = &a2xx_gpu->base;
           |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |         |
           |      |         (6) ...to here
           |......
           |  521 |         gpu->perfcntrs = perfcntrs;
           |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |         |
           |      |         (7) assigned to ‘const struct msm_gpu_perfcntr *’ here; ‘sizeof (const struct msm_gpu_perfcntr)’ is ‘24’
           |

Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106358
[Bug 106358] [meta-bug] tracker bug for building the Linux kernel with -fanalyzer
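Why the report calls this a false positive, as an added, self-contained example (not the reporter's reproducer or GCC's analyzer code): the empty table occupies 0 bytes, and 0 bytes is a whole number (zero) of pointee objects, so a size-is-a-multiple-of-pointee check must accept it; the same check still rejects a genuinely misfitting buffer. The struct layouts follow the reduced case; the extra num_perfcntrs field and the helper names are assumptions.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Reduced shape of the kernel structs from the report. */
struct msm_gpu_perfcntr {
    const char *name;
};

struct msm_gpu {
    const struct msm_gpu_perfcntr *perfcntrs;
    size_t num_perfcntrs;   /* assumed field, not in the reduced case */
};

/* The empty table that triggers the diagnostic: an empty initializer
 * (GNU extension / C23), so the object occupies 0 bytes. */
static const struct msm_gpu_perfcntr perfcntrs[] = {};

/* What -Wanalyzer-allocation-size is meant to detect: a buffer whose byte
 * size cannot hold a whole number of pointee objects.  Zero bytes is a
 * multiple of every size, so an empty table must not warn. */
bool size_fits_pointee(size_t alloc_bytes, size_t pointee_size)
{
    if (pointee_size == 0)
        return true;              /* nothing to divide by; cannot misfit */
    return alloc_bytes % pointee_size == 0;
}

size_t perfcntrs_bytes(void) { return sizeof(perfcntrs); }           /* 0 */
size_t perfcntrs_count(void) { return sizeof(perfcntrs) / sizeof(*perfcntrs); } /* 0 */

/* The assignment from the report, with the entry count carried alongside. */
struct msm_gpu *test(struct msm_gpu *gpu)
{
    gpu->perfcntrs = perfcntrs;
    gpu->num_perfcntrs = perfcntrs_count();
    return gpu;
}

int main(void)
{
    struct msm_gpu gpu = {0};
    test(&gpu);
    printf("empty table: %zu bytes, %zu entries, fits=%d\n", perfcntrs_bytes(),
           gpu.num_perfcntrs,
           size_fits_pointee(perfcntrs_bytes(), sizeof(struct msm_gpu_perfcntr)));
    /* A genuine misfit for contrast: 12 bytes is not a whole number of
     * sizeof(struct msm_gpu_perfcntr) objects on any common ABI. */
    printf("12-byte buffer fits=%d\n",
           size_fits_pointee(12, sizeof(struct msm_gpu_perfcntr)));
    return 0;
}
```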