From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id A60D23857C51; Tue,  8 Feb 2022 23:01:28 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A60D23857C51
From: "msebor at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/81524] Bogus or missing warnings when dereferencing pointer
 to deallocated stack memory
Date: Tue, 08 Feb 2022 23:01:28 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Version: 7.1.0
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Who: msebor at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 12.0
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc bug_status target_milestone resolution blocked
Message-ID: <bug-81524-4-00m0QZAdCD@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-81524-4@http.gcc.gnu.org/bugzilla/>
References: <bug-81524-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2022 23:01:28 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D81524

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |12.0
         Resolution|---                         |FIXED
             Blocks|                            |104077

--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
As far as I can see this works as requested without sanitization in GCC 12:

$ (set -x; for p in PARAM RETURN BLOCK; do for m in READ WRITE; do gcc
-DTEST_${p}_$m -S -Wall pr81524.c; done; done)
+ for p in PARAM RETURN BLOCK
+ for m in READ WRITE
+ gcc -DTEST_PARAM_READ -S -Wall pr81524.c
pr81524.c: In function =E2=80=98test_param_local=E2=80=99:
pr81524.c:33:7: warning: storing the address of local variable =E2=80=98loc=
al=E2=80=99 in =E2=80=98*pp=E2=80=99
[-Wdangling-pointer=3D]
   33 |   *pp =3D &local;
      |   ~~~~^~~~~~~~
pr81524.c:32:7: note: =E2=80=98local=E2=80=99 declared here
   32 |   int local =3D 1;
      |       ^~~~~
pr81524.c:32:7: note: =E2=80=98pp=E2=80=99 declared here
+ for m in READ WRITE
+ gcc -DTEST_PARAM_WRITE -S -Wall pr81524.c
pr81524.c: In function =E2=80=98test_param_local=E2=80=99:
pr81524.c:33:7: warning: storing the address of local variable =E2=80=98loc=
al=E2=80=99 in =E2=80=98*pp=E2=80=99
[-Wdangling-pointer=3D]
   33 |   *pp =3D &local;
      |   ~~~~^~~~~~~~
pr81524.c:32:7: note: =E2=80=98local=E2=80=99 declared here
   32 |   int local =3D 1;
      |       ^~~~~
pr81524.c:32:7: note: =E2=80=98pp=E2=80=99 declared here
+ for p in PARAM RETURN BLOCK
+ for m in READ WRITE
+ gcc -DTEST_RETURN_READ -S -Wall pr81524.c
pr81524.c: In function =E2=80=98test_return_local=E2=80=99:
pr81524.c:42:10: warning: function returns address of local variable
[-Wreturn-local-addr]
   42 |   return &local;
      |          ^~~~~~
+ for m in READ WRITE
+ gcc -DTEST_RETURN_WRITE -S -Wall pr81524.c
pr81524.c: In function =E2=80=98test_return_local=E2=80=99:
pr81524.c:42:10: warning: function returns address of local variable
[-Wreturn-local-addr]
   42 |   return &local;
      |          ^~~~~~
+ for p in PARAM RETURN BLOCK
+ for m in READ WRITE
+ gcc -DTEST_BLOCK_READ -S -Wall pr81524.c
pr81524.c: In function =E2=80=98main=E2=80=99:
pr81524.c:88:10: warning: using dangling pointer =E2=80=98p=E2=80=99 to =E2=
=80=98local=E2=80=99
[-Wdangling-pointer=3D]
   88 |   return *p;
      |          ^~
pr81524.c:76:9: note: =E2=80=98local=E2=80=99 declared here
   76 |     int local =3D 1;
      |         ^~~~~
pr81524.c:81:3: warning: using dangling pointer =E2=80=98p=E2=80=99 to =E2=
=80=98local=E2=80=99
[-Wdangling-pointer=3D]
   81 |   printf("%d\n", *p);
      |   ^~~~~~~~~~~~~~~~~~
pr81524.c:76:9: note: =E2=80=98local=E2=80=99 declared here
   76 |     int local =3D 1;
      |         ^~~~~
+ for m in READ WRITE
+ gcc -DTEST_BLOCK_WRITE -S -Wall pr81524.c
pr81524.c: In function =E2=80=98main=E2=80=99:
pr81524.c:88:10: warning: using dangling pointer =E2=80=98p=E2=80=99 to =E2=
=80=98local=E2=80=99
[-Wdangling-pointer=3D]
   88 |   return *p;
      |          ^~
pr81524.c:76:9: note: =E2=80=98local=E2=80=99 declared here
   76 |     int local =3D 1;
      |         ^~~~~
pr81524.c:84:6: warning: using dangling pointer =E2=80=98p=E2=80=99 to =E2=
=80=98local=E2=80=99
[-Wdangling-pointer=3D]
   84 |   *p =3D 1;
      |   ~~~^~~
pr81524.c:76:9: note: =E2=80=98local=E2=80=99 declared here
   76 |     int local =3D 1;
      |         ^~~~~


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104077
[Bug 104077] bogus/missing -Wdangling-pointer=