
I have the following code:

int s[4096];
unsigned char o = 0;

int main(void) {
    int *n;
    return ((char *) (s + o)) == 0 ? *n : 0;
}

When I run the Clang Static Analyzer on that code, it warns me that I'm dereferencing n because (char *) (s + o) is a null pointer, which it's not (I can even print it and get an address that's definitely not zero).

What am I missing?

Clang Analyzer screenshot

I'm noticing that removing the (char *) cast makes the warning disappear.

  • It warns you because the condition could technically evaluate to true, in which case you dereference an uninitialized pointer. Commented Oct 30, 2019 at 19:51
  • @tkausl, that makes sense, but I can't figure out in which conditions this could be true. For whatever value o has, this still won't be true. And this is the only codepath in the entire program, so neither s nor o can have any other values than the ones in the program. I'm also noticing that removing the (char *) cast makes the warning disappear. Commented Oct 30, 2019 at 19:52
  • if o is over 4096, then it is UB, and then it could be true Commented Oct 30, 2019 at 19:56
  • @OznOg, but o is an unsigned char, so it can only have values between 0 and 255. Commented Oct 30, 2019 at 19:57
  • Ok, :) I guess you expect quite a lot from the compiler :) Commented Oct 30, 2019 at 19:58
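An added example (not from the question or its answer) that checks the comment thread's reasoning exhaustively: o is an unsigned char, so there are only 256 possible offsets, all inside s[4096], and a pointer into a live array never compares equal to null, so the *n branch is dead; it also shows the same expression with n initialised so the dead branch is harmless even to an analyzer that considers it feasible. The function names are my own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Same global array as in the question. */
int s[4096];

/* Counts the values of o (0..UCHAR_MAX) for which (char *)(s + o) compares
 * equal to a null pointer. Every s + o points into the live array s, so the
 * expected count is 0: the branch the analyzer warns about is unreachable. */
int count_null_offsets(void) {
    int nulls = 0;
    for (unsigned int o = 0; o <= UCHAR_MAX; o++) {
        char *p = (char *) (s + (unsigned char) o);
        if (p == 0) nulls++;
    }
    return nulls;
}

/* Returns 1 if every offset an unsigned char can hold stays within s, i.e.
 * the pointer arithmetic is defined for all o (255 < 4096), so there is no
 * undefined behaviour that could make the comparison "technically true". */
int offsets_in_bounds(void) {
    size_t n = sizeof s / sizeof s[0];
    return (size_t) UCHAR_MAX < n;
}

/* The question's expression, rewritten so correctness no longer depends on
 * the analyzer proving the branch dead: n is initialised to a valid object,
 * so even if p == 0 were ever taken the dereference would be defined. */
int safe_lookup(unsigned char o) {
    int fallback = 0;
    int *n = &fallback;              /* was uninitialised in the original */
    char *p = (char *) (s + o);
    return p == 0 ? *n : 0;
}

int main(void) {
    printf("null offsets: %d, in bounds: %d, result: %d\n",
           count_null_offsets(), offsets_in_bounds(), safe_lookup(7));
    return 0;
}
```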

1 Answer


I was testing with the Clang Static Analyzer version 8. Version 10 no longer reports the warning.
