From: David Malcolm <dmalcolm@redhat.com>
To: Alejandro Colomar <alx.manpages@gmail.com>, GCC <gcc@gcc.gnu.org>
Subject: Re: -Wanalyzer-malloc-leak false positives
Date: Wed, 29 Mar 2023 09:32:11 -0400
Message-ID: <da90d44cb3ca889c0579da25c371a4de0551261c.camel@redhat.com>
In-Reply-To: <45c0584d-b326-a975-7ebc-cef76e154530@gmail.com>

On Wed, 2023-03-29 at 15:20 +0200, Alejandro Colomar via Gcc wrote:
> Hi!
>
> With both GCC 12.2.0 (Debian), and GCC 13.0.1 20230315 (built from
> source),
> I can reproduce these false positives.
>
> The reproducer program is a small program that checks a password
> against a
> hardcoded string, and conditionally prints "validated". I wrote it
> precisely to demonstrate how [[gnu::malloc(deallocator)]] can be used
> to
> ensure that passwords are not leaked in memory, but I found out that
> it
> fails to detect some conditions.
>
> Here's the program (it uses agetpass(), as defined in the shadow
> project):
>
> $ cat pass.c
> #include <err.h>
> #include <errno.h>
> #include <limits.h>
> #include <readpassphrase.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
>

[...snip...]

I very briefly tried to reproduce this myself, but I suspect we've got
different headers.

> Maybe I'm missing something, but I don't think -fanalyzer is correct
> here.

Quite possibly.

> Should I report this in bugzilla?

Yes please.  Please can you attach the preprocessed source [1] to the
bug report(s) so that we're looking at the same code.  Ideally also a
link to godbolt.org showing the issue.

Thanks
Dave

[1] you can get this via -E
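
An added example, not part of the original message and not the reproducer discussed in the thread: a minimal allocator/deallocator pair annotated with the malloc(deallocator) attribute mentioned in the quoted text, so that GCC can pair the two and report a path that never releases the buffer. The names secret_dup, secret_erase, check_secret, SECRET_MAX and erased_count are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* The deallocator form of the attribute needs GCC 11+; clang rejects it. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
# define ATTR_MALLOC(dealloc) __attribute__((malloc(dealloc)))
#else
# define ATTR_MALLOC(dealloc)
#endif

#define SECRET_MAX 128          /* hypothetical fixed buffer size */
static int erased_count;        /* lets a caller observe that the wipe ran */

/* Deallocator: wipe the whole buffer, then free it. NULL is a no-op. */
void secret_erase(char *s)
{
    if (s == NULL)
        return;
    volatile char *p = s;       /* volatile stores are not elided as dead */
    for (size_t i = 0; i < SECRET_MAX; i++)
        p[i] = 0;
    free(s);
    erased_count++;
}

/* Allocator: the result must be released with secret_erase(), not free(). */
ATTR_MALLOC(secret_erase)
char *secret_dup(const char *src)
{
    size_t n = strlen(src);
    if (n >= SECRET_MAX)
        return NULL;
    char *s = calloc(1, SECRET_MAX);
    if (s != NULL)
        memcpy(s, src, n);
    return s;
}

/* Returns 1 on match, 0 on mismatch, -1 if the input could not be copied. */
int check_secret(const char *input, const char *expected)
{
    char *s = secret_dup(input);
    if (s == NULL)
        return -1;
    int ok = strcmp(s, expected) == 0;
    secret_erase(s);            /* a path that skips this is a malloc-leak */
    return ok;
}

int main(void) { return check_secret("constructed", "constructed") == 1 ? 0 : 1; }
```

To get the preprocessed source requested above for a file like this, run the compiler with -E, for example `gcc -E example.c -o example.i` (file names are placeholders).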