https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454
Bug ID: 106454
Summary: -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: raimue at codingfarm dot de
Target Milestone: ---

Here is the most minimal test case I could come up with to trigger a false-positive in -fanalyzer.

Source:

    #include <stdlib.h>

    void c(void);

    struct a {
        char **args;
    };

    void foo(struct a *d) {
        c();
        d->args[0] = malloc(42);
    }

Compiler output:

    $ gcc-12 -Wall -fanalyzer -c -o foo.o foo.c
    foo.c: In function 'foo':
    foo.c:12:1: warning: leak of 'malloc(42)' [CWE-401] [-Wanalyzer-malloc-leak]
       12 | }
          | ^
      'foo': events 1-2
        |
        |   11 |     d->args[0] = malloc(42);
        |      |                  ^~~~~~~~~~
        |      |                  |
        |      |                  (1) allocated here
        |   12 | }
        |      | ~
        |      | |
        |      | (2) 'malloc(42)' leaks here; was allocated at (1)
        |

Notes:

The warning no longer triggers if I either remove the function call to c() completely or move the function call to c() after the assignment.

This was discovered with GCC 12.0.1 on Ubuntu 22.04:

    $ gcc-12 --version
    gcc-12 (Ubuntu 12-20220319-1ubuntu1) 12.0.1 20220319 (experimental) [master r12-7719-g8ca61ad148f]