public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/94365] New: false positive leak when using container_of-like constructs
From: npfhrotynz-ptnqh.myvf at noclue dot notk.org @ 2020-03-27 18:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365
Bug ID: 94365
Summary: false positive leak when using container_of-like
constructs
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: npfhrotynz-ptnqh.myvf at noclue dot notk.org
Target Milestone: ---
Created attachment 48136
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48136&action=edit
test program.c
First, thanks for this awesome feature! I'm not sure how "ready" it is, but
there are other open bugs and I did not see this one, so here goes...
I'm often using patterns where I return a pointer to an inner field of a struct
and then use it with container_of later on.
The attached example program gives two warnings; only the first one is
interesting to me, but I figured I could cite both since I stumbled on the second
when writing the reproducer...
-----------------------------------------------------------------------------
In function ‘foo’:
t.c:22:9: warning: leak of ‘a’ [CWE-401] [-Wanalyzer-malloc-leak]
22 | return &a->b;
| ^~~~~
‘foo’: events 1-5
|
| 14 | struct container *a = malloc(sizeof(*a));
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (1) allocated here
|......
| 19 | if (!a)
| | ~
| | |
| | (2) assuming ‘a’ is non-NULL
| | (3) following ‘false’ branch (when ‘a’ is non-NULL)...
|......
| 22 | return &a->b;
| | ~~~~~
| | |
| | (4) ...to here
| | (5) ‘a’ leaks here; was allocated at (1)
|
-----------------------------------------------------------------------------
In function ‘main’:
t.c:41:2: warning: ‘free’ of ‘<unknown>’ which points to memory not on the heap
[CWE-590] [-Wanalyzer-free-of-non-heap]
41 | free(container_of(b, struct container, b));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
‘main’: events 1-2
|
| 29 | int main() {
| | ^~~~
| | |
| | (1) entry to ‘main’
| 30 | struct a_struct *b = foo();
| | ~~~~~
| | |
| | (2) calling ‘foo’ from ‘main’
|
+--> ‘foo’: events 3-5
|
| 13 | struct a_struct *foo() {
| | ^~~
| | |
| | (3) entry to ‘foo’
|......
| 19 | if (!a)
| | ~
| | |
| | (4) following ‘false’ branch (when ‘a’ is non-NULL)...
|......
| 22 | return &a->b;
| | ~~~~~
| | |
| | (5) ...to here
|
<------+
|
‘main’: events 6-10
|
| 30 | struct a_struct *b = foo();
| | ^~~~~
| | |
| | (6) returning to ‘main’ from ‘foo’
|......
| 33 | if (!b)
| | ~
| | |
| | (7) following ‘false’ branch (when ‘b’ is non-NULL)...
|......
| 41 | free(container_of(b, struct container, b));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) ...to here
| | (9) pointer is from here
| | (10) call to ‘free’ here
|
-----------------------------------------------------------------------------
I would think that as long as it is programmatically possible to go back to the
allocated pointer (e.g. the return value is a constant offset from malloc
value) then there should be no leak.
Thanks,
--
Dominique Martinet
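The attachment itself is not on this page, so the following is an added reconstruction of the pattern the diagnostics describe (not the reporter's t.c): an allocation whose interior field is returned to the caller, with the enclosing struct recovered later via an offsetof-based container_of. Struct and field names (`tag`, `value`) are assumptions; only `struct container`, `struct a_struct`, member `b` and `foo` come from the report.

```c
/* Added reconstruction of the container_of reproducer; field names other
 * than 'b' are assumed.  Build with -fanalyzer to see the "leak of 'a'"
 * report at the 'return &a->b;' line. */
#include <stddef.h>
#include <stdlib.h>

/* Linux-style container_of: recover the enclosing struct from a pointer
 * to one of its members by subtracting the member's constant offset. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct a_struct { int value; };

struct container {
    int tag;            /* assumed extra field so b is not at offset 0 */
    struct a_struct b;  /* interior member handed out to callers */
};

/* Allocates a container and returns a pointer to its inner field.  The
 * allocation stays reachable (&a->b minus a constant offset), which is
 * the case the report argues should not be flagged as a leak. */
struct a_struct *foo(void)
{
    struct container *a = malloc(sizeof(*a));
    if (!a)
        return NULL;
    a->tag = 42;
    a->b.value = 7;
    return &a->b;
}

/* Round trip: interior pointer -> container -> free of the original block.
 * Returns 1 when container_of recovers exactly the malloc'd container.
 * Calling free(b) directly instead would hand an interior pointer to
 * free, which is the real bug the second diagnostic is meant to catch. */
int roundtrip_ok(void)
{
    struct a_struct *b = foo();
    if (!b)
        return 0;
    struct container *c = container_of(b, struct container, b);
    int ok = (c->tag == 42) && (c->b.value == 7) &&
             ((void *)&c->b == (void *)b);
    free(c);  /* frees the allocation returned by malloc, not b */
    return ok;
}

int main(void)
{
    return roundtrip_ok() ? 0 : 1;
}
```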
* [Bug analyzer/94365] false positive leak when using container_of-like constructs
From: dimitri at ouroboros dot rocks @ 2021-06-12 9:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365
dimitri at ouroboros dot rocks changed:
What | Removed | Added
-----|---------|------------------------------
CC   |         | dimitri at ouroboros dot rocks
--- Comment #1 from dimitri at ouroboros dot rocks ---
Thanks for filing this one.
We're using a doubly-linked-list implementation which also has this construct
using offsetof and are also seeing false positives in these parts of the code.
I thought the analyzer may have trouble with the list pointers, but I think it
will actually be the offsetof that is causing it.
* [Bug analyzer/94365] false positive leak when using container_of-like constructs
From: dmalcolm at gcc dot gnu.org @ 2021-11-18 20:51 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What             | Removed     | Added
-----------------|-------------|-----------
Ever confirmed   | 0           | 1
Last reconfirmed |             | 2021-11-18
Status           | UNCONFIRMED | NEW
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this.
The code changed a lot in GCC 11, and again in GCC 12.
Testing again with trunk (for GCC 12); the false leak of ‘a’ report still
occurs, but the -Wanalyzer-free-of-non-heap report is fixed.
* [Bug analyzer/94365] false positive leak when using container_of-like constructs
From: dmalcolm at gcc dot gnu.org @ 2024-04-08 20:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94365
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #2)
> Testing again with trunk (for GCC 12); the false leak of ‘a’ report still
> occurs, but the -Wanalyzer-free-of-non-heap report is fixed.
False leak still present with trunk (for GCC 14):
https://godbolt.org/z/nzjaMG7c8