Interesting. I think this is a false positive, as the "use" is pointer
arithmetic to derive an integer offset, not a dereference. If you're
going to complain about using "buff" like that, you should equally
complain of using p, which is just the value of buff that's just been freed
incremented a few times.
This code just got changed by Petr's realloc patch, but as far as I can
see the same complaint still applies (or doesn't). Does your compiler
still complain?
Cheers,
Simon.
On 22/06/2022 09:23, Geert Stappers via Dnsmasq-discuss wrote:
Hello,
With GCC version 12.1 I do get:
cc -Wall -W -O2 -DVERSION='"2.87test8-16-g770bce9"' -c cache.c
cache.c: In function ‘cache_make_stat’:
cache.c:1683:30: warning: pointer used after ‘free’ [-Wuse-after-free]
1683 | p = new + (p - buff);
| ~~~^~~~~~~
cache.c:1682:17: note: call to ‘free’ here
1682 | free(buff);
| ^~~~~~~~~~
Lines 1682 and 1683 in context:
$ awk '{ print NR, $0 }' src/cache.c | sed --silent -e '1675,1689p'
1675 if (bytes_needed >= bytes_avail)
1676 {
1677 /* expand buffer if necessary */
1678 newlen = bytes_needed + 1 + bufflen - bytes_avail;
1679 if (!(new = whine_malloc(newlen)))
1680 return 0;
1681 memcpy(new, buff, bufflen);
1682 free(buff);
1683 p = new + (p - buff);
1684 lenp = p - 1;
1685 buff = new;
1686 bufflen = newlen;
1687 bytes_avail = bufflen - (p - buff );
1688 bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u",
daemon->addrbuff, port, queries, failed_queries);
1689 }
Patch is work in progress.
Groeten
Geert Stappers
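Added example (not part of the thread or the dnsmasq source): a stand-alone sketch of the same grow-and-append step with the offset p - buff saved as an integer before free(), so that no freed pointer value is read afterwards. struct sbuf, sbuf_grow, sbuf_append_stat, demo and the sample address are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer mirroring buff / bufflen / p in the quoted loop. */
struct sbuf { char *buff; size_t bufflen; char *p; };

/* Grow to newlen bytes. The offset is taken while buff is still live. */
static int sbuf_grow(struct sbuf *s, size_t newlen)
{
  size_t off = (size_t)(s->p - s->buff);   /* computed BEFORE free() */
  char *new = malloc(newlen);
  if (!new) return 0;
  memcpy(new, s->buff, s->bufflen);
  free(s->buff);                           /* old buff and p are not read again */
  s->buff = new;
  s->p = new + off;                        /* rebuilt from the saved integer only */
  s->bufflen = newlen;
  return 1;
}

/* Append "addr#port queries failed", using the format string from the quoted code. */
static int sbuf_append_stat(struct sbuf *s, const char *addr, int port,
                            unsigned queries, unsigned failed)
{
  size_t avail = s->bufflen - (size_t)(s->p - s->buff);
  int need = snprintf(s->p, avail, "%s#%d %u %u", addr, port, queries, failed);
  if (need < 0) return 0;
  if ((size_t)need >= avail) {
    /* same size calculation as line 1678 of the quoted code */
    if (!sbuf_grow(s, (size_t)need + 1 + s->bufflen - avail))
      return 0;
    avail = s->bufflen - (size_t)(s->p - s->buff);
    need = snprintf(s->p, avail, "%s#%d %u %u", addr, port, queries, failed);
  }
  s->p += need;
  return 1;
}

/* Constructed input: an 8-byte buffer already holding "stat:" forces one growth. */
static char *demo(void)
{
  struct sbuf s = { malloc(8), 8, NULL };
  if (!s.buff) return NULL;
  memcpy(s.buff, "stat:", 5);
  s.p = s.buff + 5;                        /* non-zero offset to carry across */
  if (!sbuf_append_stat(&s, "192.0.2.1", 53, 10, 1)) { free(s.buff); return NULL; }
  return s.buff;                           /* caller frees */
}
int main(void) { char *r = demo(); if (!r) return 1; puts(r); free(r); return 0; }
```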