public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/113990] New: -Wanalyzer-malloc-leak false positive with [[gnu::malloc(free)]] and a realloc() wrapper
@ 2024-02-19 12:45 alx at kernel dot org
0 siblings, 0 replies; only message in thread
From: alx at kernel dot org @ 2024-02-19 12:45 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113990
Bug ID: 113990
Summary: -Wanalyzer-malloc-leak false positive with
[[gnu::malloc(free)]] and a realloc() wrapper
Product: gcc
Version: 13.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: alx at kernel dot org
Target Milestone: ---
When wrapping realloc(3) and marking the wrapper as [[gnu::malloc(free)]],
-fanalyzer complains about a leak.
```c
#include <stddef.h>
#include <stdlib.h>
[[gnu::malloc(free)]]
static char *addchar(size_t *restrict n, char *restrict cc, char c);
int
main(int argc, char *argv[])
{
char *cc = NULL;
size_t n = 0;
for (int i = 0; i < argc; i++)
cc = addchar(&n, cc, argv[i][0]);
free(cc);
exit(EXIT_SUCCESS);
}
static char *
addchar(size_t *restrict n, char *restrict cc, char c)
{
cc = realloc(cc, ++*n);
if (cc == NULL)
exit(EXIT_FAILURE);
cc[*n - 1] = c;
return cc;
}
```
$ gcc-14 -Wall -Wextra leak.c -fanalyzer
leak.c: In function ‘addchar’:
leak.c:32:16: warning: leak of ‘cc’ [CWE-401] [-Wanalyzer-malloc-leak]
32 | return cc;
| ^~
‘main’: events 1-5
|
| 10 | main(int argc, char *argv[])
| | ^~~~
| | |
| | (1) entry to ‘main’
|......
| 15 | for (int i = 0; i < argc; i++)
| | ~~~~~~~~
| | |
| | (2) following ‘true’ branch (when ‘i <
argc’)...
| 16 | cc = addchar(&n, cc, argv[i][0]);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (3) ...to here
| | (4) allocated here
| | (5) calling ‘addchar’ from ‘main’
|
+--> ‘addchar’: events 6-10
|
| 24 | addchar(size_t *restrict n, char *restrict cc, char c)
| | ^~~~~~~
| | |
| | (6) entry to ‘addchar’
| 25 | {
| 26 | cc = realloc(cc, ++*n);
| | ~~~~~~~~~~~~~~~~~
| | |
| | (7) when ‘realloc’ succeeds, moving buffer
| 27 | if (cc == NULL)
| | ~
| | |
| | (8) following ‘false’ branch (when ‘cc’ is
non-NULL)...
|......
| 30 | cc[*n - 1] = c;
| | ~~
| | |
| | (9) ...to here
| 31 |
| 32 | return cc;
| | ~~
| | |
| | (10) ‘cc’ leaks here; was allocated at (4)
|
It is reproducible in both of these:
alx@debian:~/tmp$ gcc-14 --version | head -n1
gcc-14 (Debian 14-20240201-3) 14.0.1 20240131 (experimental) [master
r14-8680-g2f14c0dbb78]
alx@debian:~/tmp$ gcc-13 --version | head -n1
gcc-13 (Debian 13.2.0-13) 13.2.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-02-19 12:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-19 12:45 [Bug analyzer/113990] New: -Wanalyzer-malloc-leak false positive with [[gnu::malloc(free)]] and a realloc() wrapper alx at kernel dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).