public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list
@ 2021-05-15 18:23 dmalcolm at gcc dot gnu.org
2021-05-17 20:56 ` [Bug analyzer/100615] " dmalcolm at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-05-15 18:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615
Bug ID: 100615
Summary: analyzer failed to report leak in rxtxcpu's
parse_cpu_list
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
clang's static analyzer found this leak on an error-handling path:
https://github.com/stackpath/rxtxcpu/pull/42
which gcc's -fanalyzer failed to report.
Looking at the code, I see that the string is passed to strsep and to strtol,
which IIRC the analyzer doesn't have special knowledge of (perhaps the analyzer
is conservatively assuming that these could free the string?)
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug analyzer/100615] analyzer failed to report leak in rxtxcpu's parse_cpu_list
2021-05-15 18:23 [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list dmalcolm at gcc dot gnu.org
@ 2021-05-17 20:56 ` dmalcolm at gcc dot gnu.org
2021-05-18 16:31 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-05-17 20:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Last reconfirmed| |2021-05-17
Status|UNCONFIRMED |ASSIGNED
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Testing a fix for this (it's the strsep call; the strtol is const).
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug analyzer/100615] analyzer failed to report leak in rxtxcpu's parse_cpu_list
2021-05-15 18:23 [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list dmalcolm at gcc dot gnu.org
2021-05-17 20:56 ` [Bug analyzer/100615] " dmalcolm at gcc dot gnu.org
@ 2021-05-18 16:31 ` cvs-commit at gcc dot gnu.org
2021-07-02 19:21 ` cvs-commit at gcc dot gnu.org
2021-07-02 19:30 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-05-18 16:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:cd323d97d0592135ca4345701ef051659d8d4507
commit r12-884-gcd323d97d0592135ca4345701ef051659d8d4507
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue May 18 12:29:58 2021 -0400
analyzer: fix missing leak after call to strsep [PR100615]
PR analyzer/100615 reports a missing leak diagnostic.
The issue is that the code calls strsep which the analyzer doesn't
have special knowledge of, and so conservatively assumes that it
could free the pointer, so drops malloc state for it.
Properly "teaching" the analyzer about strsep would require it
to support bifurcating state at a call, which is currently fiddly to
do, so for now this patch notes that strsep doesn't affect the
malloc state machine, allowing the analyzer to correctly detect the leak.
gcc/analyzer/ChangeLog:
PR analyzer/100615
* sm-malloc.cc: Include "analyzer/function-set.h".
(malloc_state_machine::on_stmt): Call unaffected_by_call_p and
bail on the functions it recognizes.
(malloc_state_machine::unaffected_by_call_p): New.
gcc/testsuite/ChangeLog:
PR analyzer/100615
* gcc.dg/analyzer/pr100615.c: New test.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug analyzer/100615] analyzer failed to report leak in rxtxcpu's parse_cpu_list
2021-05-15 18:23 [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list dmalcolm at gcc dot gnu.org
2021-05-17 20:56 ` [Bug analyzer/100615] " dmalcolm at gcc dot gnu.org
2021-05-18 16:31 ` cvs-commit at gcc dot gnu.org
@ 2021-07-02 19:21 ` cvs-commit at gcc dot gnu.org
2021-07-02 19:30 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-07-02 19:21 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by David Malcolm
<dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:8d58bfb78c8dc6f5bdf7786b96f26329e0d36b80
commit r11-8671-g8d58bfb78c8dc6f5bdf7786b96f26329e0d36b80
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Jul 2 15:19:43 2021 -0400
analyzer: fix missing leak after call to strsep [PR100615]
PR analyzer/100615 reports a missing leak diagnostic.
The issue is that the code calls strsep which the analyzer doesn't
have special knowledge of, and so conservatively assumes that it
could free the pointer, so drops malloc state for it.
Properly "teaching" the analyzer about strsep would require it
to support bifurcating state at a call, which is currently fiddly to
do, so for now this patch notes that strsep doesn't affect the
malloc state machine, allowing the analyzer to correctly detect the leak.
gcc/analyzer/ChangeLog:
PR analyzer/100615
* sm-malloc.cc: Include "analyzer/function-set.h".
(malloc_state_machine::on_stmt): Call unaffected_by_call_p and
bail on the functions it recognizes.
(malloc_state_machine::unaffected_by_call_p): New.
gcc/testsuite/ChangeLog:
PR analyzer/100615
* gcc.dg/analyzer/pr100615.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug analyzer/100615] analyzer failed to report leak in rxtxcpu's parse_cpu_list
2021-05-15 18:23 [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list dmalcolm at gcc dot gnu.org
` (2 preceding siblings ...)
2021-07-02 19:21 ` cvs-commit at gcc dot gnu.org
@ 2021-07-02 19:30 ` dmalcolm at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2021-07-02 19:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100615
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #4 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Fixed on branch (for gcc 11.2) by above commit; marking as resolved.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-07-02 19:30 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-15 18:23 [Bug analyzer/100615] New: analyzer failed to report leak in rxtxcpu's parse_cpu_list dmalcolm at gcc dot gnu.org
2021-05-17 20:56 ` [Bug analyzer/100615] " dmalcolm at gcc dot gnu.org
2021-05-18 16:31 ` cvs-commit at gcc dot gnu.org
2021-07-02 19:21 ` cvs-commit at gcc dot gnu.org
2021-07-02 19:30 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).