From: "manu at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/109123] New: Bogus warning: pointer used after 'realloc' -Wuse-after-free
Date: Tue, 14 Mar 2023 09:41:04 +0000	[thread overview]
Message-ID: <bug-109123-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109123

            Bug ID: 109123
           Summary: Bogus warning: pointer used after 'realloc'
                    -Wuse-after-free
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: manu at gcc dot gnu.org
  Target Milestone: ---

```c
typedef long unsigned int size_t; /* declared by hand: the listing includes no headers */
extern void *realloc (void *__ptr, size_t __size)
     __attribute__ ((__nothrow__ , __leaf__)) __attribute__
((__warn_unused_result__)) __attribute__ ((__alloc_size__ (2))); /* result must be used; argument 2 is the allocation size in bytes */
struct vector_objective; 
typedef struct vector_objective vector_objective;
struct vector_objective { double *_begin; double *_end; double *_capacity; }; /* one buffer, three pointers: start, next free slot, end of allocation */
static inline size_t vector_objective_size(const vector_objective * v) { /* number of stored elements: distance from _begin to _end */
    return v->_end - v->_begin; /* signed pointer difference converted to size_t; the -Wuse-after-free diagnostic quoted on this page points at this subtraction */
}
static inline size_t vector_objective_capacity(const vector_objective * v) { /* number of elements the current allocation can hold */
    return v->_capacity - v->_begin; /* signed pointer difference converted to size_t */
}
static inline void vector_objective_reserve(vector_objective * v, size_t n) { /* grow the buffer to hold n doubles; does nothing when n <= current capacity */
    size_t old_capacity = vector_objective_capacity(v);
    size_t old_size = vector_objective_size(v); /* both reads of the old pointers happen here, before the realloc call below */
    if (n > old_capacity) {
        v->_begin = realloc(v->_begin, sizeof(double) * n); /* NOTE(review): result is not checked; on failure _begin becomes NULL and the old block leaks; sizeof(double) * n is not overflow-checked */
        v->_end = v->_begin + old_size; /* rebuilt from the saved element count, not from the old pointer value */
        v->_capacity = v->_begin + n;
    }
}
static inline void vector_objective_push_back(vector_objective * v, double x) { /* append x, growing the buffer first when it is full */
    if (v->_end == v->_capacity)
        vector_objective_reserve (v, (vector_objective_capacity (v) == 0) ? 8 : /* first allocation holds 8 elements, later ones double the capacity */
2 * vector_objective_capacity (v));
    *(v->_end) = x; /* NOTE(review): if the realloc inside reserve failed, _end was computed from NULL and this store is invalid */
    v->_end++;
}

typedef struct {
    vector_objective xy; /* embedded by value, so &regions->xy points inside the caller's object */
} eaf_polygon_t;


int
rectangle_add(eaf_polygon_t * regions, double lx) /* the only function with external linkage; the inlining chain in the quoted diagnostic ends here */
{

    vector_objective_push_back(&regions->xy, lx);
    return 0; /* always 0: an allocation failure in the helpers is not reported to the caller */
}
```

Compiling with -Wall -c -O2 produces:

In function 'vector_objective_size',
    inlined from 'vector_objective_reserve' at <source>:15:23,
    inlined from 'vector_objective_push_back' at <source>:24:9,
    inlined from 'rectangle_add' at <source>:38:5:
<source>:8:20: warning: pointer used after 'realloc' [-Wuse-after-free]
    8 |     return v->_end - v->_begin;
      |                    ^
In function 'vector_objective_reserve',
    inlined from 'vector_objective_push_back' at <source>:24:9,
    inlined from 'rectangle_add' at <source>:38:5:
<source>:17:21: note: call to 'realloc' here
   17 |         v->_begin = realloc(v->_begin, sizeof(double) * n);
      | 

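But the use occurs before the realloc, not after it: vector_objective_size(v) is called on line 15 and its result is saved in old_size, while realloc is not called until line 17.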

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-14  9:41 manu at gcc dot gnu.org [this message]
2023-03-14  9:44 ` [Bug c/109123] Bogus warning: pointer used after 'realloc' -Wuse-after-free with -O2 manu at gcc dot gnu.org
2023-03-14  9:48 ` manu at gcc dot gnu.org
2023-03-14  9:55 ` rguenth at gcc dot gnu.org
2023-03-14 10:00 ` manu at gcc dot gnu.org
2023-03-14 10:03 ` manu at gcc dot gnu.org
2023-03-14 10:22 ` manu at gcc dot gnu.org
2023-03-14 12:17 ` rguenth at gcc dot gnu.org
2023-03-14 12:51 ` manu at gcc dot gnu.org
2023-03-15  8:16 ` rguenth at gcc dot gnu.org
2023-03-16  7:30 ` cvs-commit at gcc dot gnu.org
2023-03-16  7:31 ` [Bug c/109123] [12 Regression] " rguenth at gcc dot gnu.org
2023-05-08 12:26 ` [Bug tree-optimization/109123] " rguenth at gcc dot gnu.org
