https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108252

            Bug ID: 108252
           Summary: false positive: leak detection
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: chipitsine at gmail dot com
  Target Milestone: ---

repro steps

```
git clone https://github.com/haproxy/haproxy
cd haproxy

export CC=/home/ilia/gcc/gcc-home/bin/gcc
make TARGET=linux-glibc USE_OPENSSL=1 DEBUG_CFLAGS="-fanalyzer"
```

detection


```
src/cfgparse-ssl.c: In function ‘ssl_parse_global_ciphers’:
src/cfgparse-ssl.c:264:17: warning: leak of ‘strdup(args[1])’ [CWE-401] [-Wanalyzer-malloc-leak]
  264 |         *target = strdup(args[1]);
      |         ~~~~~~~~^~~~~~~~~~~~~~~~~
  ‘ssl_parse_global_ciphers’: events 1-6
    |
    |  255 |         if (too_many_args(1, args, err, NULL))
    |      |            ^
    |      |            |
    |      |            (1) following ‘false’ branch...
    |......
    |  258 |         if (*(args[1]) == 0) {
    |      |            ~ ~~~~~~~~~
    |      |            |      |
    |      |            |      (2) ...to here
    |      |            (3) following ‘false’ branch...
    |......
    |  263 |         free(*target);
    |      |         ~~~~~~~~~~~~~
    |      |         |
    |      |         (4) ...to here
    |  264 |         *target = strdup(args[1]);
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                 | |
    |      |                 | (5) allocated here
    |      |                 (6) ‘strdup(args[1])’ leaks here; was allocated at (5)
    |

```

is wrong

detailed review:
https://github.com/haproxy/haproxy/issues/1745#issuecomment-1367207339
