[Bug sanitizer/92634] [8/9/10 regression] -fsanitize=undefined erroneous null pointer check
amodra at gmail dot com
gcc-bugzilla@gcc.gnu.org
Sat Nov 23 10:27:00 GMT 2019
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92634
--- Comment #11 from Alan Modra <amodra at gmail dot com> ---
Oh wow, so the line of reasoning relies on what the C standard *doesn't* say in
6.5.3.2.
I also think the deductions are somewhat suspect. You say &p->f is the same as
&((*p).f), which is from p->f being the same as (*p).f. While I agree that is
generally true, it's relying on note 79 in the spec isn't it?
79) If &E is a valid pointer expression (where & is the ‘‘address-of’’
operator, which generates a pointer to its operand), the expression (&E)->MOS
is the same as E.MOS.
But if we don't have &E, which we don't when p is the null pointer (by
6.3.2.3/3), then how can you use note 79 to say p->f is the same as (*p).f when
p is the null pointer?
Quite likely I'm missing something. However, the fact that there is old C code
around from many years ago that uses the offsetof macro as I wrote it, and the
fact that no compiler on earth actually dereferences p in &p->f lends credence
to the idea that there is no dereference here.
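As an added illustration (not code from the bug thread or from GCC), the legacy null-pointer offsetof idiom under discussion next to the conforming forms a maintainer can switch to; the struct and macro names are assumptions made for this example:

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record type used only for this demonstration. */
struct rec {
    char   tag;
    int    count;
    double value;
};

/* Legacy hand-rolled offsetof: forms &p->f with p == (struct rec *)0.
 * This is the shape of the idiom that -fsanitize=undefined reports as a
 * null pointer access, even though compilers emit no load for it. */
#define LEGACY_OFFSETOF(T, f) ((size_t)&((T *)0)->f)

/* Conforming replacement: the standard macro from <stddef.h>. */
#define STD_OFFSETOF(T, f) offsetof(T, f)

/* Alternative that never forms a pointer from null: take the address of a
 * member inside a real object and subtract the object's own address. */
static size_t object_offsetof_value(void)
{
    struct rec r;
    return (size_t)((char *)&r.value - (char *)&r);
}

/* Returns 1 when all three ways of computing offsetof(struct rec, value)
 * agree, which is what the legacy code silently relies on. */
int offsets_agree(void)
{
    size_t legacy = LEGACY_OFFSETOF(struct rec, value);
    size_t std    = STD_OFFSETOF(struct rec, value);
    size_t object = object_offsetof_value();
    return legacy == std && std == object;
}

int main(void)
{
    printf("legacy=%zu std=%zu object=%zu\n",
           LEGACY_OFFSETOF(struct rec, value),
           STD_OFFSETOF(struct rec, value),
           object_offsetof_value());
    return offsets_agree() ? 0 : 1;
}
```

Building the file with -fsanitize=undefined reports only the LEGACY_OFFSETOF line; the other two forms are clean.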