Bjarni Ingi Gislason wrote:
>
> In function 'vasnprintf':
> ../lib/vasnprintf.c:5849:7: warning: 'free' of 'result_334' which points
> to memory not on the heap [CWE-590] [-Wanalyzer-free-of-non-heap]
> 5849 | free (result);
> ...
This is a false positive. By code inspection, one can see that
* the value of 'resultbuf' is never changed (in other words, this parameter
could be marked 'const'),
* staring with line 1916, the value of result is either == NULL or
== resultbuf or memory allocated within the vasnprintf function. See the
comment at line 1928.
Therefore it is safe to do
if (!(result == resultbuf || result == NULL))
free (result);
> and
>
> ../lib/vasnprintf.c:5855:5: warning: leak of 'result_20' [CWE-401]
> [-Wanalyzer-malloc-leak]
> 5855 | return NULL;
> ...
This is a false positive as well:
As mentioned above, of the control flow passes through lines 5848..5849,
'result' has been freed if it was memory allocated. In the other case,
a 'goto out_of_memory_1;' was executed; in this case 'result' did not
have any value.
Bruno
