From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 350163858C2C; Fri, 22 Apr 2022 12:12:19 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 350163858C2C
From: "tim.vanholder at anubex dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/105346] New: -Wno-free-nonheap-object false positive (on
 Bison-generated grammar code)
Date: Fri, 22 Apr 2022 12:12:19 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Version: 11.2.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: tim.vanholder at anubex dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-105346-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2022 12:12:19 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D105346

            Bug ID: 105346
           Summary: -Wno-free-nonheap-object false positive (on
                    Bison-generated grammar code)
           Product: gcc
           Version: 11.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: tim.vanholder at anubex dot com
  Target Milestone: ---

Bison grammars (can) include code like

    /* The state stack: array, bottom, top.  */
    yy_state_t yyssa[YYINITDEPTH];
    yy_state_t *yyss =3D yyssa;
    yy_state_t *yyssp =3D yyss;

... (code that may allocate a larger stack if needed, in which case `yyss` =
and
`yyssp` get repointed)


  #ifndef yyoverflow
    if (yyss !=3D yyssa)
      YYSTACK_FREE (yyss);
  #endif

(with YYSTACK_FREE() expanding to free()).

For this gcc (Debian 11.2.0-19) 11.2.0 is reporting (with -Werror):

Linux/DML-grammar.cc:13901:18: error: =E2=80=98void free(void*)=E2=80=99 ca=
lled on unallocated
object =E2=80=98yyssa=E2=80=99 [-Werror=3Dfree-nonheap-object]
13901 |     YYSTACK_FREE (yyss);
Linux/DML-grammar.cc:5609:16: note: declared here
 5609 |     yy_state_t yyssa[YYINITDEPTH];
      |                ^~~~~

So it is tracing yyss to yyssa from its declaration, but is apparently not
seeing that there is an explicit test that yyss is not equal to yyssa around
the free.

(I'd test with a more recent version, but this is what I have available.)=