public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/106539] New: -fanalyzer doesn't consider that realloc could shrink the buffer
@ 2022-08-05 16:30 dmalcolm at gcc dot gnu.org
  2022-08-12  9:14 ` [Bug analyzer/106539] " cvs-commit at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-08-05 16:30 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106539

            Bug ID: 106539
           Summary: -fanalyzer doesn't consider that realloc could shrink
                    the buffer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

realloc's success_with_move::update_model uses the new size of the buffer when
copying the contents of the old buffer, rather than the minimum of the old and new
sizes - I hadn't thought of the "shrinks the buffer" case.

Consider:

#include <stdlib.h>

void *test (void)
{
  void **p = (void **)malloc (sizeof (void *) * 2);
  if (!p)
    return NULL;
  p[0] = malloc(10);
  p[1] = malloc(20); /* will be leaked if p is shrunk (e.g. during a move)  */
  void *q = realloc (p, sizeof (void *));
  if (!q)
    return p;
  return q;
}

-fanalyzer probably ought to complain about a leak of p[1] after p is shrunk,
but doesn't at the moment.

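
As an added example (not code from the bug report or from GCC itself), a small C model of what the report describes: a tracker for handed-out blocks, a "moving" realloc that copies min(old, new) bytes, and a scan of the surviving pointer slots to count what became unreachable. All names are ours, and it generalises the two-slot test case above to any old/new slot count, so it also shows the growing case losing nothing.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed mini-tracker (our names, not the analyzer's): every block
   handed out is recorded so we can see what the shrunk buffer lost. */
static void *live[8];
static size_t nlive;

static void *tracked_malloc(size_t n) {
    void *p = calloc(1, n);             /* zeroed: unused slots read as NULL */
    if (p && nlive < 8) live[nlive++] = p;
    return p;
}

/* Model of realloc's success_with_move: new block, copy of min(old, new) bytes
   (the PR106539 fix), old block freed.  Pointers past the copied prefix are lost. */
static void *moving_realloc(void *p, size_t old_size, size_t new_size) {
    void *q = tracked_malloc(new_size);
    if (!q) return NULL;
    memcpy(q, p, old_size < new_size ? old_size : new_size);
    for (size_t i = 0; i < nlive; i++)
        if (live[i] == p) live[i] = NULL;       /* forget the freed block */
    free(p);
    return q;
}

/* Live blocks (other than 'root') that no pointer slot of 'root' refers to. */
static size_t count_leaks(void **root, size_t slots) {
    size_t leaks = 0;
    for (size_t i = 0; i < nlive; i++) {
        if (!live[i] || live[i] == root) continue;
        size_t j = 0;
        while (j < slots && root[j] != live[i]) j++;
        if (j == slots) leaks++;
    }
    return leaks;
}

/* Report's test case generalised to old_slots -> new_slots: returns leak count. */
size_t leaks_after_realloc(size_t old_slots, size_t new_slots) {
    nlive = 0;
    void **p = tracked_malloc(old_slots * sizeof *p);
    if (!p) return 0;
    for (size_t i = 0; i < old_slots; i++)
        p[i] = tracked_malloc(10 * (i + 1));
    void **q = moving_realloc(p, old_slots * sizeof *p, new_slots * sizeof *p);
    size_t leaks = q ? count_leaks(q, new_slots) : 0;
    for (size_t i = 0; i < nlive; i++) free(live[i]);  /* release model heap */
    return leaks;
}
```

Shrinking two slots to one reports exactly the p[1] leak the analyzer missed; growing reports none.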

* [Bug analyzer/106539] -fanalyzer doesn't consider that realloc could shrink the buffer
  2022-08-05 16:30 [Bug analyzer/106539] New: -fanalyzer doesn't consider that realloc could shrink the buffer dmalcolm at gcc dot gnu.org
@ 2022-08-12  9:14 ` cvs-commit at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-08-12  9:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106539

--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tim Lange <tlange@gcc.gnu.org>:

https://gcc.gnu.org/g:2b75b3b6a4ddc0d65a84a0cc4b00c47ae70e52c0

commit r13-2028-g2b75b3b6a4ddc0d65a84a0cc4b00c47ae70e52c0
Author: Tim Lange <mail@tim-lange.me>
Date:   Fri Aug 12 10:26:14 2022 +0200

    analyzer: consider that realloc could shrink the buffer [PR106539]

    This patch adds the "shrinks buffer" case to the success_with_move
    modelling of realloc.

    Regression-tested on Linux x86-64, further ran the analyzer tests with
    the -m32 option.

    2022-08-11  Tim Lange  <mail@tim-lange.me>

    gcc/analyzer/ChangeLog:

            PR analyzer/106539
            * region-model-impl-calls.cc (region_model::impl_call_realloc):
            Use the result of get_copied_size as the size for the
            sized_regions in realloc.
            (success_with_move::get_copied_size): New function.

    gcc/testsuite/ChangeLog:

            PR analyzer/106539
            * gcc.dg/analyzer/pr106539.c: New test.
            * gcc.dg/analyzer/realloc-5.c: New test.

