[Bug analyzer/105102] New: RFE: analyzer handling for asprintf and vasprintf

[Bug analyzer/105102] New: RFE: analyzer handling for asprintf and vasprintf

[dmalcolm at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105102

            Bug ID: 105102
           Summary: RFE: analyzer handling for asprintf and vasprintf
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

(spotted while fixing PR analyzer/105087)

We don't yet have any special-casing of asprintf and vasprintf, and there
doesn't seem to be a way to express their behavior with attributes.

Would be nice to bifurcate state, and:
- on success, track that *ARG is to be freed with free (and thus we can detect
memory leaks, wrong deallocator, etc),
- on failure, *ARG is undefined; exactly what we should do here is unclear
(what exactly does glibc do?  https://linux.die.net/man/3/vasprintf says that
the "FreeBSD implementation sets strp to NULL on error.", presumably it means
*strp; ee PR 44435).

Maybe we need a new kind of poisoned_svalue "undefined" for the error case,
since there's no guarantee made about what the state of *ARG is?

[Bug analyzer/105102] RFE: analyzer handling for asprintf and vasprintf

[dmalcolm at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105102

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
See also bug 113277