From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 2EF87384640E; Thu, 25 Feb 2021 13:55:45 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2EF87384640E From: "vmjuan90 at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/99269] New: False positive -Wanalyzer-malloc-leak/-Wanalyzer-double-free with -fanalyzer Date: Thu, 25 Feb 2021 13:55:44 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: 10.2.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: vmjuan90 at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gcc-bugs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-bugs mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2021 13:55:45 -0000 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D99269 Bug ID: 99269 Summary: False positive -Wanalyzer-malloc-leak/-Wanalyzer-double-free with -fanalyzer Product: gcc Version: 10.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: vmjuan90 at gmail dot com Target Milestone: --- Created attachment 50255 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D50255&action=3Dedit minimun example for reproduce Hello I added the minimun example file (bug.c) and the gcc command line for repro= duce what i think are 2 false positives from -fanalizer $ gcc -v -save-temps -fanalyzer -c bug.c Usando especificaciones internas. COLLECT_GCC=3Dgcc Objetivo: x86_64-pc-linux-gnu Configurado con: /var/tmp/portage/sys-devel/gcc-10.2.0-r5/work/gcc-10.2.0/configure --host=3Dx86_64-pc-linux-gnu --build=3Dx86_64-pc-linux-gnu --prefix=3D/usr --bindir=3D/usr/x86_64-pc-linux-gnu/gcc-bin/10.2.0 --includedir=3D/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/include --datadir=3D/usr/share/gcc-data/x86_64-pc-linux-gnu/10.2.0 --mandir=3D/usr/share/gcc-data/x86_64-pc-linux-gnu/10.2.0/man --infodir=3D/usr/share/gcc-data/x86_64-pc-linux-gnu/10.2.0/info --with-gxx-include-dir=3D/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/include/g+= +-v10 --with-python-dir=3D/share/gcc-data/x86_64-pc-linux-gnu/10.2.0/python --enable-languages=3Dc,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=3Drelease --with-bugurl=3Dhttps://bugs.gentoo.org/ --with-pkgversion=3D'Gentoo 10.2.0-r5 p6' --disable-esp --enable-libstdcxx-= time --with-build-config=3Dbootstrap-lto --enable-shared --enable-threads=3Dposix --enable-__cxa_atexit --enable-clocale=3Dgnu --enable-multilib --with-multilib-list=3Dm32,m64 --disable-fixed-point --enable-targets=3Dall --enable-libgomp --disable-libssp --disable-libada --disable-systemtap --enable-vtable-verify --without-zstd --enable-lto --with-isl --disable-isl-version-check --enable-default-pie --enable-default-ssp Modelo de hilos: posix Algoritmos de compresi=C3=B3n LTO admitidos: zlib gcc versi=C3=B3n 10.2.0 (Gentoo 10.2.0-r5 p6) COLLECT_GCC_OPTIONS=3D'-v' '-save-temps' '-fanalyzer' '-c' '-mtune=3Dgeneri= c' '-march=3Dx86-64' /usr/libexec/gcc/x86_64-pc-linux-gnu/10.2.0/cc1 -E -quiet -v bug.c -mtune=3Dgeneric -march=3Dx86-64 -fanalyzer -fpch-preprocess -o bug.i se descarta el directorio inexistente "/usr/local/include" se descarta el directorio inexistente "/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../x86_64-pc-linux-gnu/in= clude" la b=C3=BAsqueda de #include "..." inicia aqu=C3=AD: la b=C3=BAsqueda de #include <...> inicia aqu=C3=AD: /usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/include /usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/include-fixed /usr/include Fin de la lista de b=C3=BAsqueda. COLLECT_GCC_OPTIONS=3D'-v' '-save-temps' '-fanalyzer' '-c' '-mtune=3Dgeneri= c' '-march=3Dx86-64' /usr/libexec/gcc/x86_64-pc-linux-gnu/10.2.0/cc1 -fpreprocessed bug.i -quiet -dumpbase bug.c -mtune=3Dgeneric -march=3Dx86-64 -auxbase bug -version -fan= alyzer -o bug.s GNU C17 (Gentoo 10.2.0-r5 p6) versi=C3=B3n 10.2.0 (x86_64-pc-linux-gnu) compilado por GNU C versi=C3=B3n 10.2.0, GMP versi=C3=B3n 6.2.1, MP= FR versi=C3=B3n 4.1.0, MPC versi=C3=B3n 1.2.1, isl versi=C3=B3n isl-0.23-GMP GGC heur=C3=ADsticas: --param ggc-min-expand=3D100 --param ggc-min-heapsize= =3D131072 GNU C17 (Gentoo 10.2.0-r5 p6) versi=C3=B3n 10.2.0 (x86_64-pc-linux-gnu) compilado por GNU C versi=C3=B3n 10.2.0, GMP versi=C3=B3n 6.2.1, MP= FR versi=C3=B3n 4.1.0, MPC versi=C3=B3n 1.2.1, isl versi=C3=B3n isl-0.23-GMP GGC heur=C3=ADsticas: --param ggc-min-expand=3D100 --param ggc-min-heapsize= =3D131072 Compiler executable checksum: 5fe470a537c6a646ee2db89927c9a5b2 En la funci=C3=B3n =E2=80=98example=E2=80=99: bug.c:11:10: aviso: leak of =E2=80=98=E2=80=99 [CWE-401] [-Wan= alyzer-malloc-leak] 11 | namelist[1] =3D malloc(sizeof **namelist); | ^ =E2=80=98example=E2=80=99: events 1-6 | | 9 | if (!namelist) return; | | ^ | | | | | (1) following =E2=80=98false=E2=80=99 branch (when =E2=80= =98namelist=E2=80=99 is non-NULL)... | 10 | namelist[0] =3D malloc(sizeof **namelist); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ...to here | | (3) allocated here | 11 | namelist[1] =3D malloc(sizeof **namelist); | | ~ | | | | | (6) =E2=80=98=E2=80=99 leaks here; was a= llocated at (3) | 12 | | 13 | while(len--) { free(namelist[len]); } | | ~ ~ | | | | | | | (5) ...to here | | (4) following =E2=80=98true=E2=80=99 branch... | bug.c:13:17: aviso: double-=E2=80=98free=E2=80=99 of =E2=80=98= =E2=80=99 [CWE-415] [-Wanalyzer-double-free] 13 | while(len--) { free(namelist[len]); } | ^~~~~~~~~~~~~~~~~~~ =E2=80=98example=E2=80=99: events 1-11 | | 9 | if (!namelist) return; | | ^ | | | | | (1) following =E2=80=98false=E2=80=99 branch (when =E2=80= =98namelist=E2=80=99 is non-NULL)... | 10 | namelist[0] =3D malloc(sizeof **namelist); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ...to here |...... | 13 | while(len--) { free(namelist[len]); } | | ~ ~~~~~~~~~~~~~~~~~~~ | | | | | | | | | (4) ...to here | | | | (5) first =E2=80=98free=E2=80=99 = here | | | | (7) ...to here | | | | (8) first =E2=80=98free=E2=80=99 = here | | | | (10) ...to here | | | (11) second =E2=80=98free=E2=80=99 here; first= =E2=80=98free=E2=80=99 was at (8) | | (3) following =E2=80=98true=E2=80=99 branch... | | (6) following =E2=80=98true=E2=80=99 branch... | | (9) following =E2=80=98true=E2=80=99 branch... | COLLECT_GCC_OPTIONS=3D'-v' '-save-temps' '-fanalyzer' '-c' '-mtune=3Dgeneri= c' '-march=3Dx86-64' /usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../x86_64-pc-linux-gnu/bi= n/as -v --64 -o bug.o bug.s GNU ensamblador versi=C3=B3n 2.34.0 (x86_64-pc-linux-gnu) utilizando BFD ve= rsi=C3=B3n (Gentoo 2.34 p6) 2.34.0 COMPILER_PATH=3D/usr/libexec/gcc/x86_64-pc-linux-gnu/10.2.0/:/usr/libexec/g= cc/x86_64-pc-linux-gnu/10.2.0/:/usr/libexec/gcc/x86_64-pc-linux-gnu/:/usr/l= ib/gcc/x86_64-pc-linux-gnu/10.2.0/:/usr/lib/gcc/x86_64-pc-linux-gnu/:/usr/l= ib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../x86_64-pc-linux-gnu/bin/ LIBRARY_PATH=3D/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/:/usr/lib/gcc/x86_64= -pc-linux-gnu/10.2.0/../../../../lib64/:/lib/../lib64/:/usr/lib/../lib64/:/= usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../x86_64-pc-linux-gnu/lib/= :/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../:/lib/:/usr/lib/ COLLECT_GCC_OPTIONS=3D'-v' '-save-temps' '-fanalyzer' '-c' '-mtune=3Dgeneri= c' '-march=3Dx86-64' regards=