False negative caused by alloca/atol or type conversion

[tianxinghe]

version: clang/llvm
git rev-parse HEAD
6dda3b1
2025-10-20 20:10:22 +0530

This case requires an input value, which I set to 128.
Line 22 triggers a null pointer dereference bug, but CSA fails to detect this bug.
https://godbolt.org/z/PT5Gv55GP

If this line can be commented out, CSA can discover bugs normally:
a_2 = (char*) alloca(sizeof(char));

If the 14th line is changed to this, CSA can also detect the bug:
if (((char)*p_2) > 0) {

[llvmbot]

@llvm/issue-subscribers-clang-static-analyzer

Author: Tianxing He (tianxinghe)

Details

version: clang/llvm git rev-parse HEAD 6dda3b1 2025-10-20 20:10:22 +0530

This case requires an input value, which I set to 128.
Line 22 triggers a null pointer dereference bug, but CSA fails to detect this bug.
https://godbolt.org/z/PT5Gv55GP

If this line can be commented out, CSA can discover bugs normally:
a_2 = (char*) alloca(sizeof(char));

If the 14th line is changed to this, CSA can also detect the bug:
if (((char)*p_2) > 0) {

[steakhal]

My guess would be that this relates to reinterpret-casts, which falls under the cast modeling umbrella #42709.