Bug 96739

Summary: attribute(constructor) vs format NULL check
Product: gcc Reporter: Dr. David Alan Gilbert <dgilbert>
Component: cAssignee: Not yet assigned to anyone <unassigned>
Status: UNCONFIRMED ---    
Severity: normal CC: msebor
Priority: P3    
Version: 10.2.1   
Target Milestone: ---   
Host: Target:
Build: Known to work:
Known to fail: Last reconfirmed:
Attachments: boiled down test file
less boiled down test

Description Dr. David Alan Gilbert 2020-08-21 19:49:22 UTC
Created attachment 49096 [details]
boiled down test file

The following is boiled down (too far?) from current (d6f83a72a7db94a3ede9f5cc4fb39f9c8e89f954) qemu-io-cmds.c

and generates the warning:
ioprob.c:28:5: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
   28 |     printf("%s ", ct->name);
      |     ^~~~~~~~~~~~~~~~~~~~~~~

unless the __attribute((constructor)) is removed from init_qemuio_commands

I think the problem here is that ct comes from cmdtab which is a static and it doesn't notice that it's initialised, and therefore decides it's NULL?


cc -O1  -Wformat -Wformat-security      -c ioprob.c -Wunused 
In function ‘help_oneline’,
    inlined from ‘help_all’ at ioprob.c:34:5,
    inlined from ‘help_f’ at ioprob.c:39:5:
ioprob.c:28:5: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
   28 |     printf("%s ", ct->name);
      |     ^~~~~~~~~~~~~~~~~~~~~~~

[dgilbert@dgilbert-t580 try]$ gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/10/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,objc,obj-c++,ada,go,d,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.2.1 20200723 (Red Hat 10.2.1-1) (GCC)
Comment 1 Martin Sebor 2020-08-21 20:13:00 UTC
The warning is issued as a result of the if statement in help_oneline.  Since cmd is passed ct->name, if cmd is null then so is ct->name (see below).  Perhaps you went too far in reducing the test case?

$ cat pr96739.c && gcc -O2 -S -Wall pr96739.c
typedef struct cmdinfo {
  const char *name;
} cmdinfo_t;
;
cmdinfo_t *cmdtab;
int ncmds;

static void help_oneline(const char *cmd, const cmdinfo_t *ct) {
  if (cmd) {
  } else {
    __builtin_printf("%s ", ct->name);
  }
}
void help_all(void) {
  const cmdinfo_t *ct;
  for (ct = cmdtab; ct < &cmdtab[ncmds]; ct++)
    help_oneline (ct->name, ct);
}
In function ‘help_oneline’,
    inlined from ‘help_all’ at pr96739.c:17:5:
pr96739.c:11:5: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
   11 |     __builtin_printf("%s ", ct->name);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 2 Dr. David Alan Gilbert 2020-08-24 09:34:39 UTC
Created attachment 49108 [details]
less boiled down test
Comment 3 Dr. David Alan Gilbert 2020-08-24 09:38:26 UTC
Hi Martin,
  Thanks for the response.
I've added a slightly less boiled down test that I think is still valid.

I agree with that you say in the case of the call from help_all->help_oneline because cmd and ct are related; however int he original, and new attachment, there's another independent call to help_oneline via help_onecmd->help_oneline  where the cmd is argv[1].

So while it's true, that as you say, in the help_all->help_oneline case, if the cmd is NULL then so is ct->name, this is only true for one caller of help_oneline.