[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

dmalcolm at gcc dot gnu.org via Gcc-bugs Wed, 27 Jul 2022 05:27:32 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106454


David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-07-27

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this bug.

Confirmed on trunk, and with gcc 12.1, gcc 11.3, and gcc 10.4

Compiler Explorer link:
  https://godbolt.org/z/ja681nMe3

Adding __analyzer_dump (); after the malloc shows:

rmodel:
stack depth: 1
  frame (index 0): frame: 'foo'@1
clusters within root region
  cluster for: (*INIT_VAL(d_5(D))): UNKNOWN(struct a) (ESCAPED) (TOUCHED)
  cluster for: (*SUB(CONJURED(c ();, (*INIT_VAL(d_5(D)))),
(*INIT_VAL(d_5(D))).args)): &HEAP_ALLOCATED_REGION(14)
m_called_unknown_fn: TRUE
constraint_manager:
  equiv classes:
    ec0: {(void *)0B == [m_constant]'0B'}
    ec1: {INIT_VAL(d_5(D))}
    ec2: {SUB(CONJURED(c ();, (*INIT_VAL(d_5(D)))), (*INIT_VAL(d_5(D))).args)}
  constraints:
    0: ec1: {INIT_VAL(d_5(D))} != ec0: {(void *)0B == [m_constant]'0B'}
    1: ec2: {SUB(CONJURED(c ();, (*INIT_VAL(d_5(D)))),
(*INIT_VAL(d_5(D))).args)} != ec0: {(void *)0B == [m_constant]'0B'}

[Bug analyzer/106454] -Wanalyzer-malloc-leak false positive when returning heap-allocation through array in struct after function call

Reply via email to