public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "alx at kernel dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109335] -Wanalyzer-malloc-leak false positives and false negatives
Date: Wed, 15 May 2024 13:58:36 +0000 [thread overview]
Message-ID: <bug-109335-4-XDQyMIephh@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-109335-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109335
--- Comment #4 from Alejandro Colomar <alx at kernel dot org> ---
Here's a smaller reproducer:
$ cat pass.c
#include <stdlib.h>
void my_free(char *p);
[[gnu::malloc(my_free)]] char *my_malloc(void);
int main(void)
{
char *p;
p = my_malloc();
my_free(p); // 2 false positives.
}
char *my_malloc(void)
{
return malloc(42);
}
void my_free(char *p)
{
free(p);
}
$ gcc-14 -Wall -Wextra pass.c -fanalyzer -O3
pass.c: In function ‘main’:
pass.c:10:9: warning: ‘p’ should have been deallocated with ‘free’ but was
deallocated with ‘my_free’ [CWE-762] [-Wanalyzer-mismatching-deallocation]
10 | my_free(p); // 2 false positives.
| ^~~~~~~~~~
‘main’: events 1-2
|
| 6 | int main(void)
| | ^~~~
| | |
| | (1) entry to ‘main’
|......
| 9 | p = my_malloc();
| | ~~~~~~~~~~~
| | |
| | (2) calling ‘my_malloc’ from ‘main’
|
+--> ‘my_malloc’: events 3-4
|
| 13 | char *my_malloc(void)
| | ^~~~~~~~~
| | |
| | (3) entry to ‘my_malloc’
| 14 | {
| 15 | return malloc(42);
| | ~~~~~~~~~~
| | |
| | (4) allocated here (expects deallocation
with ‘free’)
|
<------+
|
‘main’: events 5-6
|
| 9 | p = my_malloc();
| | ^~~~~~~~~~~
| | |
| | (5) returning to ‘main’ from ‘my_malloc’
| 10 | my_free(p); // 2 false positives.
| | ~~~~~~~~~~
| | |
| | (6) deallocated with ‘my_free’ here; allocation at (4)
expects deallocation with ‘free’
|
pass.c: In function ‘my_malloc’:
pass.c:15:16: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak]
15 | return malloc(42);
| ^~~~~~~~~~
‘main’: events 1-3
|
| 6 | int main(void)
| | ^~~~
| | |
| | (1) entry to ‘main’
|......
| 9 | p = my_malloc();
| | ~~~~~~~~~~~
| | |
| | (2) allocated here
| | (3) calling ‘my_malloc’ from ‘main’
|
+--> ‘my_malloc’: events 4-5
|
| 13 | char *my_malloc(void)
| | ^~~~~~~~~
| | |
| | (4) entry to ‘my_malloc’
| 14 | {
| 15 | return malloc(42);
| | ~~~~~~~~~~
| | |
| | (5) ‘p’ leaks here; was allocated at (2)
|
prev parent reply other threads:[~2024-05-15 13:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-29 14:03 [Bug analyzer/109335] New: " colomar.6.4.3 at gmail dot com
2023-05-05 11:13 ` [Bug analyzer/109335] " colomar.6.4.3 at gmail dot com
2024-05-15 7:16 ` alx at kernel dot org
2024-05-15 7:42 ` alx at kernel dot org
2024-05-15 13:58 ` alx at kernel dot org [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-109335-4-XDQyMIephh@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).