https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94399

            Bug ID: 94399
           Summary: analyzer reports false positives for stuff freed using
                    __attribute__((cleanup()))
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: zbyszek at in dot waw.pl
  Target Milestone: ---

Created attachment 48142
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48142&action=edit
test program

$ rpm -q gcc
gcc-10.0.1-0.9.fc32.x86_64

$ cat testfree.c
#include <stdlib.h>

#define _cleanup_(f) __attribute__((cleanup(f)))

static inline void freep(void **p) {
        free(*p);
}

void test(void) {
        _cleanup_(freep) void *ptr;

        ptr = malloc(3);
}

int main(void) {
        test();
        return 0;
}

$ gcc -fanalyzer testfree.c -o testfree
testfree.c: In function ‘test’:
testfree.c:13:1: warning: leak of ‘ptr’ [CWE-401] [-Wanalyzer-malloc-leak]
   13 | }
      | ^
  ‘test’: events 1-4
    |
    |    9 | void test(void) {
    |      |      ^~~~
    |      |      |
    |      |      (1) entry to ‘test’
    |   10 |         _cleanup_(freep) void *ptr;
    |      |                                ~~~
    |      |                                |
    |      |                                (4) calling ‘freep’ from ‘test’
    |   11 |
    |   12 |         ptr = malloc(3);
    |      |         ~~~~~~~~~~~~~~~
    |      |         |     |
    |      |         |     (2) allocated here
    |      |         (3) allocated here
    |
    +--> ‘freep’: events 5-6
           |
           |    5 | static inline void freep(void **p) {
           |      |                    ^~~~~
           |      |                    |
           |      |                    (5) entry to ‘freep’
           |    6 |         free(*p);
           |      |         ~~~~~~~~
           |      |         |
           |      |         (6) state of ‘ptr’: ‘start’ -> ‘freed’ (origin: NULL)
           |
    <------+
    |
  ‘test’: events 7-8
    |
    |   10 |         _cleanup_(freep) void *ptr;
    |      |                                ^~~
    |      |                                |
    |      |                                (7) returning to ‘test’ from ‘freep’
    |......
    |   13 | }
    |      | ~
    |      | |
    |      | (8) ‘ptr’ leaks here; was allocated at (3)
    |

It seems that the analyzer knows that the pointer was freed (event 6), but then
still reports a leak (8).
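
A runtime check of the behaviour this report concerns, added here as an example (it is not part of the original report or of GCC's own tests): the cleanup handler runs on every exit from the scope, so the block allocated in the scope is released. The counters and the names counted_malloc, counted_freep and scoped_alloc are hypothetical; ptr is initialised to NULL here so that the early-return path hands the handler a defined value.

```c
#include <stdlib.h>
#include <stddef.h>

#define _cleanup_(f) __attribute__((cleanup(f)))

/* Hypothetical counters, added to observe the handler at run time. */
static int handler_calls;   /* times the cleanup handler ran */
static int live_blocks;     /* allocations not yet released */

static void *counted_malloc(size_t n) {
        void *p = malloc(n);
        if (p)
                live_blocks++;
        return p;
}

/* Same shape as the report's freep(), plus bookkeeping. */
static void counted_freep(void **p) {
        handler_calls++;
        if (*p)
                live_blocks--;
        free(*p);
}

/* Mirrors test() from the report, with two exit paths. */
static int scoped_alloc(int bail_early) {
        _cleanup_(counted_freep) void *ptr = NULL;

        if (bail_early)
                return -1;      /* handler still runs and frees NULL */

        ptr = counted_malloc(3);
        return ptr ? 0 : -1;    /* value is computed, then the handler runs */
}

int main(void) {
        scoped_alloc(0);
        scoped_alloc(1);
        /* Both exits ran the handler; nothing is left allocated. */
        return (handler_calls == 2 && live_blocks == 0) ? 0 : 1;
}
```

Building the same file with -fanalyzer on an affected GCC 10 snapshot is the way to see whether the warning from the report is still emitted for this variant.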