public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "rjones at redhat dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/99193] Bogus "should have been deallocated with 'free' but was deallocated with 'realloc' [CWE-762] [-Werror=analyzer-mismatching-deallocation]"
Date: Mon, 22 Feb 2021 10:14:33 +0000 [thread overview]
Message-ID: <bug-99193-4-EYmHy1WwNu@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-99193-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99193
--- Comment #3 from Richard W.M. Jones <rjones at redhat dot com> ---
This seems to be the same thing at a different place in the code:
https://github.com/libguestfs/libguestfs/blob/f19fd566f6387ce7e4d82409528c9dde374d25e0/df/main.c#L404
CC virt_df-main.o
main.c: In function 'make_display_name':
main.c:404:11: error: 'ret' should have been deallocated with 'free' but was
deallocated with 'realloc' [CWE-762]
[-Werror=analyzer-mismatching-deallocation]
404 | ret = realloc (ret, len + pluses + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'make_display_name': event 1
|
| 378 | make_display_name (struct drv *drvs)
| | ^~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'make_display_name'
|
'make_display_name': event 2
|
| 382 | assert (drvs != NULL);
| | ^~~~~~
| | |
| | (2) following 'true' branch (when 'drvs' is non-NULL)...
|
'make_display_name': events 3-4
|
| 385 | if (drvs->next == NULL)
| | ^~ ~
| | | |
| | | (4) following 'false' branch...
| | (3) ...to here
|
'make_display_name': event 5
|
|cc1:
| (5): ...to here
|
'make_display_name': events 6-8
|
| 396 | while (drvs->next != NULL) {
| | ^
| | |
| | (6) following 'true' branch...
| 397 | drvs = drvs->next;
| | ~~~~
| | |
| | (7) ...to here
|......
| 401 | ret = single_drive_display_name (drvs);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) calling 'single_drive_display_name' from
'make_display_name'
|
+--> 'single_drive_display_name': event 9
|
| 322 | single_drive_display_name (struct drv *drvs)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (9) entry to 'single_drive_display_name'
|
'single_drive_display_name': event 10
|
| 327 | assert (drvs != NULL);
| | ^~~~~~
| | |
| | (10) following 'true' branch (when 'drvs' is non-NULL)...
|
'single_drive_display_name': event 11
|
| 328 | assert (drvs->next == NULL);
| | ^~~~~~
| | |
| | (11) ...to here
|
'single_drive_display_name': event 12
|
| 328 | assert (drvs->next == NULL);
| | ^~~~~~
| | |
| | (12) following 'true' branch...
|
'single_drive_display_name': events 13-19
|
| 330 | switch (drvs->type) {
| | ^~~~~~
| | |
| | (13) ...to here
| | (14) following 'case 1:' branch...
|......
| 342 | case drv_uri:
| | ~~~~
| | |
| | (15) ...to here
| 343 | name = strdup (drvs->uri.orig_uri);
| 344 | if (name == NULL)
| | ~
| | |
| | (16) following 'false' branch (when 'name' is
non-NULL)...
|......
| 349 | p = strrchr (name, '/');
| | ~
| | |
| | (17) ...to here
|......
| 370 | if (!name)
| | ~
| | |
| | (18) following 'false' branch (when 'name' is
non-NULL)...
|......
| 373 | return name;
| | ~~~~~~
| | |
| | (19) ...to here
|
<------+
|
'make_display_name': events 20-21
|
| 401 | ret = single_drive_display_name (drvs);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (20) returning to 'make_display_name' from
'single_drive_display_name'
|......
| 404 | ret = realloc (ret, len + pluses + 1);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (21) deallocated with 'realloc' here
|
cc1: all warnings being treated as errors
next prev parent reply other threads:[~2021-02-22 10:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-22 10:01 [Bug c/99193] New: " rjones at redhat dot com
2021-02-22 10:05 ` [Bug c/99193] " rjones at redhat dot com
2021-02-22 10:13 ` rjones at redhat dot com
2021-02-22 10:14 ` rjones at redhat dot com [this message]
2021-02-22 10:36 ` rjones at redhat dot com
2021-02-22 15:21 ` [Bug analyzer/99193] " msebor at gcc dot gnu.org
2021-02-22 22:27 ` dmalcolm at gcc dot gnu.org
2021-02-24 21:03 ` dmalcolm at gcc dot gnu.org
2021-02-25 0:57 ` cvs-commit at gcc dot gnu.org
2021-02-25 0:59 ` dmalcolm at gcc dot gnu.org
2021-02-25 11:20 ` rjones at redhat dot com
2021-02-25 14:27 ` dmalcolm at gcc dot gnu.org
2021-02-25 14:41 ` rjones at redhat dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-99193-4-EYmHy1WwNu@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).