From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id F3EA4382C174; Thu, 16 Jun 2022 15:21:25 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F3EA4382C174 From: "dmalcolm at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/106003] New: RFE: -fanalyzer could complain about misuse of file-descriptors Date: Thu, 16 Jun 2022 15:21:25 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 12.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: dmalcolm at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2022 15:21:26 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106003 Bug ID: 106003 Summary: RFE: -fanalyzer could complain about misuse of file-descriptors Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- -fanalyzer could be extended to check POSIX file-descriptor APIs ("int" rat= her than FILE *). e.g. - check for FD leaks - check for double "close" of a FD (CWE-1341, I believe) - check for read/write of a closed descriptor - check for read/write of a descriptor opened for just writing/reading etc Immad Mir is looking at this for GSoC 2022. Example of a "double file-descriptor close" bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-13351 albeit in C++.=