Malcolm: Improvements to static analysis in the GCC 13 compiler

Post syndicated from the original at https://lwn.net/Articles/933380/

David Malcolm writes about a number of new features that have been added to the static analyzer in the GCC 13 release.

The above example makes the common mistake with C-style strings of
forgetting the null terminator when computing how much space to
allocate for str.

GCC 13’s -fanalyzer option now keeps track of the sizes of
dynamically allocated buffers, and for many cases it checks the
simulated memory reads and writes against the sizes of the relevant
buffers. With this new work it detects the above problem.
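The mistake the quoted passage refers to, shown as an added example rather than code from the LWN article or from GCC's own test suite: the buggy function allocates strlen(src) bytes and then strcpy writes strlen(src) + 1, so the terminator lands one byte past the heap block. Function names are my own. Compiling this file with gcc-13 -fanalyzer -c reports the strcpy in dup_missing_nul as an out-of-bounds write (the -Wanalyzer-out-of-bounds warning introduced in GCC 13), because the analyzer remembers the size passed to malloc and checks the simulated write against it; the fixed function below it is silent.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy version (example, not from the article): malloc is given
 * strlen(src) bytes, but strcpy writes strlen(src) + 1 because it
 * copies the terminating '\0'. GCC 13's -fanalyzer tracks the
 * allocation size and flags the strcpy as a write past the buffer. */
char *dup_missing_nul(const char *src)
{
    size_t len = strlen(src);
    char *str = malloc(len);          /* BUG: needs len + 1 */
    if (str == NULL)
        return NULL;
    strcpy(str, src);                 /* writes len + 1 bytes */
    return str;
}

/* Fixed version: reserve room for the terminator, and copy with an
 * explicit byte count so the write size is visibly the same
 * expression as the allocation size. */
char *dup_with_nul(const char *src)
{
    size_t len = strlen(src);
    char *str = malloc(len + 1);
    if (str == NULL)
        return NULL;
    memcpy(str, src, len + 1);        /* copies the '\0' as well */
    return str;
}

/* Number of bytes strcpy actually writes for a given source string,
 * i.e. the minimum allocation that keeps the copy in bounds. */
size_t bytes_written_by_strcpy(const char *src)
{
    return strlen(src) + 1;
}

int main(void)
{
    const char *sample = "hello";     /* constructed sample input */
    char *copy = dup_with_nul(sample);
    if (copy == NULL)
        return 1;
    printf("\"%s\" needs %zu bytes; copy is \"%s\"\n",
           sample, bytes_written_by_strcpy(sample), copy);
    free(copy);
    return 0;
}
```

Only the fixed function is exercised at run time; the buggy one is there to be compiled under -fanalyzer, since executing it is undefined behaviour and may or may not crash depending on the allocator's rounding.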