[Bug other/89863] [meta-bug] Issues that static analyzers (cppcheck, clang-static-analyzer) find that gcc misses
dcb314 at hotmail dot com
gcc-bugzilla@gcc.gnu.org
Mon Feb 10 12:41:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89863
--- Comment #6 from David Binderman <dcb314 at hotmail dot com> ---
For this C++ code:
// reading 8 bytes from a 5 byte field
# include <stdint.h>
# include <cstring>
struct S
{
    char a[ 5];
    short b;
};
void f( const S * ps)
{
    uint64_t n;
    memcpy( &n, ps->a, sizeof( uint64_t));
}
derived from recent Linux kernel, gcc has nothing to say:
$ /home/dcb/gcc/results/bin/gcc -c -g -O2 -Wall -Wextra feb10a.cc
$
Interestingly, clang++ doesn't say much either:
$ clang++ -c -O2 -Wall -Wextra feb10a.cc
$
Adding _FORTIFY_SOURCE=2 doesn't help. Here is cppcheck in action:
$ /home/dcb/cppcheck/trunk/cppcheck feb10a.cc
feb10a.cc:17:16: error: Buffer is accessed out of bounds: ps->a [bufferAccessOutOfBounds]
memcpy( &n, ps->a, sizeof( uint64_t));
^
$
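An added example, not part of the original comment: one way to turn the over-read in f() into a compile-time error is to pass the array member by reference, so its size is part of the type and can be checked with static_assert. The names overread, checked_copy, load_a and demo_ok are hypothetical helpers introduced here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

struct S {          // same members as the struct in the comment
    char a[5];
    short b;
};

// Number of bytes a read of `len` takes from beyond a member of type Field.
template <typename Field>
constexpr std::size_t overread(std::size_t len) {
    return len > sizeof(Field) ? len - sizeof(Field) : 0;
}
static_assert(overread<decltype(S::a)>(sizeof(std::uint64_t)) == 3,
              "the memcpy in f() reads 3 bytes past a");

// memcpy wrapper (hypothetical): the source is taken as an array reference,
// so both the read and the write length are checked at compile time.
template <std::size_t Len, typename Dst, typename T, std::size_t N>
void checked_copy(Dst &dst, const T (&src)[N]) {
    static_assert(Len <= sizeof(Dst), "write overruns destination");
    static_assert(Len <= sizeof(T) * N, "read overruns source field");
    std::memcpy(&dst, src, Len);
}

// Corrected form of f(): copy exactly the field into a zeroed integer.
std::uint64_t load_a(const S *ps) {
    std::uint64_t n = 0;
    checked_copy<sizeof(ps->a)>(n, ps->a);
    // checked_copy<sizeof(std::uint64_t)>(n, ps->a);
    //   ^ rejected at compile time: "read overruns source field"
    return n;
}

// Constructed sample data: the result must hold a's five bytes followed by
// zeros, with nothing taken from the padding or from b.
bool demo_ok() {
    S s = {{1, 2, 3, 4, 5}, 0x7777};
    std::uint64_t n = load_a(&s);
    const unsigned char want[sizeof n] = {1, 2, 3, 4, 5, 0, 0, 0};
    return std::memcmp(&n, want, sizeof n) == 0;
}

int main() { return demo_ok() ? 0 : 1; }
```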