public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "alx at kernel dot org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/109335] -Wanalyzer-malloc-leak false positives and false negatives Date: Wed, 15 May 2024 13:58:36 +0000 [thread overview] Message-ID: <bug-109335-4-XDQyMIephh@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-109335-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109335 --- Comment #4 from Alejandro Colomar <alx at kernel dot org> --- Here's a smaller reproducer: $ cat pass.c #include <stdlib.h> void my_free(char *p); [[gnu::malloc(my_free)]] char *my_malloc(void); int main(void) { char *p; p = my_malloc(); my_free(p); // 2 false positives. } char *my_malloc(void) { return malloc(42); } void my_free(char *p) { free(p); } $ gcc-14 -Wall -Wextra pass.c -fanalyzer -O3 pass.c: In function ‘main’: pass.c:10:9: warning: ‘p’ should have been deallocated with ‘free’ but was deallocated with ‘my_free’ [CWE-762] [-Wanalyzer-mismatching-deallocation] 10 | my_free(p); // 2 false positives. | ^~~~~~~~~~ ‘main’: events 1-2 | | 6 | int main(void) | | ^~~~ | | | | | (1) entry to ‘main’ |...... | 9 | p = my_malloc(); | | ~~~~~~~~~~~ | | | | | (2) calling ‘my_malloc’ from ‘main’ | +--> ‘my_malloc’: events 3-4 | | 13 | char *my_malloc(void) | | ^~~~~~~~~ | | | | | (3) entry to ‘my_malloc’ | 14 | { | 15 | return malloc(42); | | ~~~~~~~~~~ | | | | | (4) allocated here (expects deallocation with ‘free’) | <------+ | ‘main’: events 5-6 | | 9 | p = my_malloc(); | | ^~~~~~~~~~~ | | | | | (5) returning to ‘main’ from ‘my_malloc’ | 10 | my_free(p); // 2 false positives. | | ~~~~~~~~~~ | | | | | (6) deallocated with ‘my_free’ here; allocation at (4) expects deallocation with ‘free’ | pass.c: In function ‘my_malloc’: pass.c:15:16: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak] 15 | return malloc(42); | ^~~~~~~~~~ ‘main’: events 1-3 | | 6 | int main(void) | | ^~~~ | | | | | (1) entry to ‘main’ |...... | 9 | p = my_malloc(); | | ~~~~~~~~~~~ | | | | | (2) allocated here | | (3) calling ‘my_malloc’ from ‘main’ | +--> ‘my_malloc’: events 4-5 | | 13 | char *my_malloc(void) | | ^~~~~~~~~ | | | | | (4) entry to ‘my_malloc’ | 14 | { | 15 | return malloc(42); | | ~~~~~~~~~~ | | | | | (5) ‘p’ leaks here; was allocated at (2) |
prev parent reply other threads:[~2024-05-15 13:58 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-03-29 14:03 [Bug analyzer/109335] New: " colomar.6.4.3 at gmail dot com 2023-05-05 11:13 ` [Bug analyzer/109335] " colomar.6.4.3 at gmail dot com 2024-05-15 7:16 ` alx at kernel dot org 2024-05-15 7:42 ` alx at kernel dot org 2024-05-15 13:58 ` alx at kernel dot org [this message]
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-109335-4-XDQyMIephh@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).