public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/112543] New: warning pointer used after free() for printf("%p")
@ 2023-11-15 10:53 mario at klebsch dot de
2023-11-15 11:02 ` [Bug c/112543] " schwab@linux-m68k.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: mario at klebsch dot de @ 2023-11-15 10:53 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112543
Bug ID: 112543
Summary: warning pointer used after free() for printf("%p")
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: mario at klebsch dot de
Target Milestone: ---
Created attachment 56592
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=56592&action=edit
main.c preprocessed by gcc
Hello,
Compiling the following program with -Wall gives a use-after-free warning:
----8<--------8<--------8<--------8<--------8<--------8<----
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
char* p = (char*)malloc(5);
printf("allocated %p\n", p);
free(p);
printf("freed %p\n", p);
}
----8<--------8<--------8<--------8<--------8<--------8<----
Compiling with gcc gives this output:
mkl@C707 ~/tmp/g++-bug $ gcc -Wall main.c -o main
main.c: In function ‘main’:
main.c:9:9: warning: pointer ‘p’ used after ‘free’ [-Wuse-after-free]
9 | printf("freed %p\n", p);
| ^~~~~~~~~~~~~~~~~~~~~~~
main.c:8:9: note: call to ‘free’ here
8 | free(p);
| ^~~~~~~
mkl@C707 ~/tmp/g++-bug $ gcc --version
gcc (Gentoo 13.2.1_p20230826 p7) 13.2.1 20230826
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
mkl@C707 ~/tmp/g++-bug $
Compiling with g++:
mkl@C707 ~/tmp/g++-bug $ g++ -Wall main.cpp -o main
main.cpp: In function ‘int main(int, char**)’:
main.cpp:9:15: warning: pointer ‘p’ used after ‘void free(void*)’
[-Wuse-after-free]
9 | printf("freed %p\n", p);
| ~~~~~~^~~~~~~~~~~~~~~~~
main.cpp:8:13: note: call to ‘void free(void*)’ here
8 | free(p);
| ~~~~^~~
mkl@C707 ~/tmp/g++-bug $ g++ --version
g++ (Gentoo 13.2.1_p20230826 p7) 13.2.1 20230826
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
mkl@C707 ~/tmp/g++-bug $
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug c/112543] warning pointer used after free() for printf("%p")
2023-11-15 10:53 [Bug c/112543] New: warning pointer used after free() for printf("%p") mario at klebsch dot de
@ 2023-11-15 11:02 ` schwab@linux-m68k.org
2023-11-15 12:00 ` rguenth at gcc dot gnu.org
2023-11-15 22:36 ` xry111 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: schwab@linux-m68k.org @ 2023-11-15 11:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112543
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> ---
J.2 Undefined behavior
(180) The value of a pointer that refers to space deallocated by a call to the
free or realloc function is used (7.24.3).
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug c/112543] warning pointer used after free() for printf("%p")
2023-11-15 10:53 [Bug c/112543] New: warning pointer used after free() for printf("%p") mario at klebsch dot de
2023-11-15 11:02 ` [Bug c/112543] " schwab@linux-m68k.org
@ 2023-11-15 12:00 ` rguenth at gcc dot gnu.org
2023-11-15 22:36 ` xry111 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-11-15 12:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112543
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |104075
Keywords| |diagnostic
--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
Yeah, this is diagnosed on purpose ...
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104075
[Bug 104075] bogus/missing -Wuse-after-free
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug c/112543] warning pointer used after free() for printf("%p")
2023-11-15 10:53 [Bug c/112543] New: warning pointer used after free() for printf("%p") mario at klebsch dot de
2023-11-15 11:02 ` [Bug c/112543] " schwab@linux-m68k.org
2023-11-15 12:00 ` rguenth at gcc dot gnu.org
@ 2023-11-15 22:36 ` xry111 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: xry111 at gcc dot gnu.org @ 2023-11-15 22:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112543
Xi Ruoyao <xry111 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|UNCONFIRMED |RESOLVED
CC| |xry111 at gcc dot gnu.org
--- Comment #3 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
I think the warning message is correct. It says "pointer ‘p’ used after...",
not "pointer 'p' dereferenced after ...".
And as Andreas explained, *using* the value of p (without dereferencing) is
enough to invoke an undefined behavior.
Closing as invalid.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-15 22:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-15 10:53 [Bug c/112543] New: warning pointer used after free() for printf("%p") mario at klebsch dot de
2023-11-15 11:02 ` [Bug c/112543] " schwab@linux-m68k.org
2023-11-15 12:00 ` rguenth at gcc dot gnu.org
2023-11-15 22:36 ` xry111 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).