From: "manu at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/109123] New: Bogus warning: pointer used after 'realloc' -Wuse-after-free
Date: Tue, 14 Mar 2023 09:41:04 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109123

            Bug ID: 109123
           Summary: Bogus warning: pointer used after 'realloc' -Wuse-after-free
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: manu at gcc dot gnu.org
  Target Milestone: ---

```c
typedef long unsigned int size_t;
extern void *realloc (void *__ptr, size_t __size) __attribute__ ((__nothrow__ , __leaf__)) __attribute__
((__warn_unused_result__)) __attribute__ ((__alloc_size__ (2)));
struct vector_objective;
typedef struct vector_objective vector_objective;
struct vector_objective { double *_begin; double *_end; double *_capacity; };
static inline size_t vector_objective_size(const vector_objective * v) {
    return v->_end - v->_begin;
}
static inline size_t vector_objective_capacity(const vector_objective * v) {
    return v->_capacity - v->_begin;
}
static inline void vector_objective_reserve(vector_objective * v, size_t n) {
    size_t old_capacity = vector_objective_capacity(v);
    size_t old_size = vector_objective_size(v);
    if (n > old_capacity) {
        v->_begin = realloc(v->_begin, sizeof(double) * n);
        v->_end = v->_begin + old_size;
        v->_capacity = v->_begin + n;
    }
}
static inline void vector_objective_push_back(vector_objective * v, double x) {
    if (v->_end == v->_capacity)
        vector_objective_reserve (v, (vector_objective_capacity (v) == 0) ? 8 : 2 * vector_objective_capacity (v));
    *(v->_end) = x;
    v->_end++;
}


typedef struct {
    vector_objective xy;
} eaf_polygon_t;


int
rectangle_add(eaf_polygon_t * regions, double lx)
{
    vector_objective_push_back(&regions->xy, lx);
    return 0;
}
```

With -Wall -c -O2 produces:

```
In function 'vector_objective_size',
    inlined from 'vector_objective_reserve' at :15:23,
    inlined from 'vector_objective_push_back' at :24:9,
    inlined from 'rectangle_add' at :38:5:
:8:20: warning: pointer used after 'realloc' [-Wuse-after-free]
    8 |     return v->_end - v->_begin;
      |                    ^
In function 'vector_objective_reserve',
    inlined from 'vector_objective_push_back' at :24:9,
    inlined from 'rectangle_add' at :38:5:
:17:21: note: call to 'realloc' here
   17 |         v->_begin = realloc(v->_begin, sizeof(double) * n);
      |
```

But the use occurs before not after the realloc.
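
The ordering the report relies on (sizes read from the old block before `realloc`, only the returned pointer used afterwards), written out as an added example that is not part of the bug report. The `dvec` names are hypothetical, and the sketch additionally checks for `realloc` failure and size overflow, which the reduced test case above does not do.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable array with the same three-pointer layout as the
   report's vector_objective; the dvec names are illustrative. */
typedef struct { double *begin, *end, *cap; } dvec;

static size_t dvec_size(const dvec *v)     { return v->begin ? (size_t)(v->end - v->begin) : 0; }
static size_t dvec_capacity(const dvec *v) { return v->begin ? (size_t)(v->cap - v->begin) : 0; }

/* Grow to hold at least n elements. Returns 0 on success, -1 on failure,
   in which case the vector is unchanged and still valid. */
static int dvec_reserve(dvec *v, size_t n)
{
    size_t old_size = dvec_size(v);     /* read from the old block BEFORE realloc */
    if (n <= dvec_capacity(v))
        return 0;
    if (n > SIZE_MAX / sizeof(double))  /* n * sizeof(double) would wrap */
        return -1;
    double *p = realloc(v->begin, n * sizeof(double));
    if (p == NULL)                      /* old block is still owned by v */
        return -1;
    /* The old v->begin value must not be used from here on: only p. */
    v->begin = p;
    v->end   = p + old_size;
    v->cap   = p + n;
    return 0;
}

static int dvec_push_back(dvec *v, double x)
{
    if (v->end == v->cap) {
        size_t c = dvec_capacity(v);
        if (c > SIZE_MAX / 2 || dvec_reserve(v, c ? 2 * c : 8) != 0)
            return -1;
    }
    *v->end++ = x;
    return 0;
}

int main(void)
{
    dvec v = {NULL, NULL, NULL};
    for (int i = 0; i < 100; i++)
        if (dvec_push_back(&v, (double)i) != 0) return 1;
    int ok = dvec_size(&v) == 100 && v.begin[99] == 99.0;
    free(v.begin);
    return ok ? 0 : 1;
}
```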