From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/107851] New: Issues with -Wanalyzer-allocation-size messages
Date: Wed, 23 Nov 2022 21:53:34 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107851

            Bug ID: 107851
           Summary: Issues with -Wanalyzer-allocation-size messages
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Taken from gcc.dg/analyzer/allocation-size-2.c

#include <stdlib.h>
#include <stdint.h>

void test_2 (int32_t n)
{
  int32_t *ptr = malloc (n * sizeof (int16_t));
  free (ptr);
}

With "-fanalyzer" (https://godbolt.org/z/fKcdrrh3z) we get:

: In function 'test_2':
:6:18: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size]
    6 |   int32_t *ptr = malloc (n * sizeof (int16_t));
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  'test_2': event 1
    |
    |    6 |   int32_t *ptr = malloc (n * sizeof (int16_t));
    |      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                  |
    |      |                  (1) allocated '(long unsigned int)n * 2' bytes and assigned to 'int32_t *' {aka 'int *'} here; 'sizeof (int32_t {aka int})' is '4'
    |
:6:18: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size]
  'test_2': events 1-3
    |
    |    6 |   int32_t *ptr = malloc (n * sizeof (int16_t));
    |      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                  |
    |      |                  (1) allocated '(long unsigned int)n * 2' bytes here
    |      |                  (2) allocated '(long unsigned int)n * 2' bytes here
    |      |                  (3) assigned to 'int32_t *' {aka 'int *'} here; 'sizeof (int32_t {aka int})' is '4'
    |
Compiler returned: 0

With "-fanalyzer -fanalyzer-fine-grained" ( https://godbolt.org/z/3fbvofPje ) we get:

: In function 'test_2':
:6:18: warning: allocated buffer size is not a multiple of the pointee's size [CWE-131] [-Wanalyzer-allocation-size]
    6 |   int32_t *ptr = malloc (n * sizeof (int16_t));
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  'test_2': events 1-3
    |
    |    6 |   int32_t *ptr = malloc (n * sizeof (int16_t));
    |      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                  |
    |      |                  (1) allocated '(long unsigned int)n * 2' bytes here
    |      |                  (2) allocated '(long unsigned int)n * 2' bytes here
    |      |                  (3) assigned to 'int32_t *' {aka 'int *'} here; 'sizeof (int32_t {aka int})' is '4'
    |
Compiler returned: 0

Issues:
* note how the "allocated '(long unsigned int)n * 2' bytes here" message is repeated
* note how we get a duplicate diagnostic, which goes away with -fanalyzer-fine-grained