https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108252
--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to Илья Шипицин from comment #5)
> thank you, David!
>
> I'll rerun haproxy check soon

Note that I haven't yet fixed bug 108251, so I don't know how useful the results will be to you :/

FWIW I've added a build of haproxy-2.7.1 with -fanalyzer to my integration tests of -fanalyzer:
  https://github.com/davidmalcolm/gcc-analyzer-integration-tests
to try to track the output.

Prior to the above patch I got this from gcc trunk with haproxy-2.7.1:

warning: 185
 - -Wanalyzer-null-dereference dereference of NULL ‘0’: 17
 - -Wanalyzer-null-dereference dereference of NULL ‘conn’: 14
 - -Wanalyzer-malloc-leak leak of ‘b’: 11
 - -Wanalyzer-malloc-leak leak of ‘<unknown>’: 10
 - -Wanalyzer-malloc-leak leak of ‘strdup(args[1])’: 8
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.m.ptr’: 7
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.u.ptr’: 7
 - -Wanalyzer-malloc-leak leak of ‘strdup(tmp)’: 5
 - -Wanalyzer-fd-leak leak of file descriptor ‘*rx.fd’: 4
 - -Wanalyzer-null-dereference dereference of NULL ‘fstrm’: 4
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.v.ptr’: 4
 - -Wanalyzer-out-of-bounds heap-based buffer under-read: 3
 - -Wanalyzer-malloc-leak leak of ‘u’: 3
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.u.len’: 3
 - -Wanalyzer-null-dereference dereference of NULL ‘s’: 3
 - -Wanalyzer-malloc-leak leak of ‘strdup(&buf)’: 2
 - -Wanalyzer-null-dereference dereference of NULL ‘ret’: 2
 - -Wanalyzer-malloc-leak leak of ‘chk.area’: 2
 - -Wanalyzer-fd-leak leak of file descriptor ‘socket(1, 1, 0)’: 2
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘ring.buf.data’: 2
 - -Wanalyzer-deref-before-check check of ‘meth’ for NULL after already dereferencing it: 2
 - -Wanalyzer-deref-before-check check of ‘uri’ for NULL after already dereferencing it: 2
 - -Wanalyzer-deref-before-check check of ‘vsn’ for NULL after already dereferencing it: 2
 - -Wanalyzer-allocation-size allocated buffer size is not a multiple of the pointee's size: 2
 - -Wanalyzer-deref-before-check check of ‘etag_buffer’ for NULL after already dereferencing it: 2
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(unsigned int *)memPtr’: 2
 - -Wanalyzer-deref-before-check check of ‘result’ for NULL after already dereferencing it: 2
 - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘p’: 2
 - -Wanalyzer-null-argument use of NULL ‘params’ where non-null expected: 2
 - -Wanalyzer-null-dereference dereference of NULL ‘uri’: 2
 - -Wanalyzer-deref-before-check check of ‘dash’ for NULL after already dereferencing it: 2
 - -Wanalyzer-fd-leak leak of file descriptor: 1
 - -Wanalyzer-malloc-leak leak of ‘calloc((long unsigned int)(hdr_num + 1), 32)’: 1
 - -Wanalyzer-malloc-leak leak of ‘node’: 1
 - -Wanalyzer-malloc-leak leak of ‘malloc((long unsigned int)(len + 1))’: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘data’: 1
 - -Wanalyzer-malloc-leak leak of ‘newkey’: 1
 - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘p1’: 1
 - -Wanalyzer-malloc-leak leak of ‘conf_err’: 1
 - -Wanalyzer-malloc-leak leak of ‘new_conf_err’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(*args_21(D) + _3)’: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.revision’: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.lru.n’: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.lru.p’: 1
 - -Wanalyzer-malloc-leak leak of ‘*lru.spare’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(*args_18(D) + _4)’: 1
 - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘dst’: 1
 - -Wanalyzer-use-after-free use after ‘free’ of ‘link’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(backing)’: 1
 - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘comp’: 1
 - -Wanalyzer-malloc-leak leak of ‘fconf’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup("/haproxy?stats")’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(".internal-stats-userlist")’: 1
 - -Wanalyzer-malloc-leak leak of ‘calloc(1, 72)’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(*args_153(D) + _49)’: 1
 - -Wanalyzer-deref-before-check check of ‘ext_child’ for NULL after already dereferencing it: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.m.len’: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.v.len’: 1
 - -Wanalyzer-malloc-leak leak of ‘vph’: 1
 - -Wanalyzer-null-argument use of NULL where non-null expected: 1
 - -Wanalyzer-null-dereference dereference of NULL ‘value’: 1
 - -Wanalyzer-malloc-leak leak of ‘wl’: 1
 - -Wanalyzer-double-free double-‘free’ of ‘*wl.s’: 1
 - -Wanalyzer-double-free double-‘free’ of ‘wl’: 1
 - -Wanalyzer-malloc-leak leak of ‘rule’: 1
 - -Wanalyzer-malloc-leak leak of ‘progname’: 1
 - -Wanalyzer-out-of-bounds buffer over-read: 1
 - -Wanalyzer-fd-leak leak of file descriptor ‘fd’: 1
 - -Wanalyzer-null-dereference dereference of NULL ‘srv’: 1
 - -Wanalyzer-possible-null-argument use of possibly-NULL ‘*curproxy.lbprm.arg_str’ where non-null expected: 1
 - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘parser’: 1
 - -Wanalyzer-null-dereference dereference of NULL ‘sl’: 1
 - -Wanalyzer-null-dereference dereference of NULL ‘dht’: 1
 - -Wanalyzer-malloc-leak leak of ‘malloc(*_ctr.size)’: 1
 - -Wanalyzer-null-dereference dereference of NULL ‘remote’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(trash.area)’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(id)’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(file)’: 1
 - -Wanalyzer-malloc-leak leak of ‘strdup(arg)’: 1
 - -Wanalyzer-malloc-leak leak of ‘cp’: 1
 - -Wanalyzer-malloc-leak leak of ‘tctx’: 1

and the effect of the above gcc patch to the haproxy-2.7.1 results is:

  Number of occurrences 8 -> 4 (-4) for issue "-Wanalyzer-malloc-leak leak of ‘strdup(args[1])’"
  Number of occurrences 2 -> 1 (-1) for issue "-Wanalyzer-malloc-leak leak of ‘strdup(&buf)’"
  Number of occurrences 3 -> 1 (-2) for issue "-Wanalyzer-malloc-leak leak of ‘u’"
  Number of occurrences 2 -> 1 (-1) for issue "-Wanalyzer-deref-before-check check of ‘result’ for NULL after already dereferencing it"
  New issue "-Wanalyzer-malloc-leak leak of ‘*ctx.prefix’" (1 occurence)
  New issue "-Wanalyzer-malloc-leak leak of ‘logsrv’" (1 occurence)
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(tmp)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘newkey’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_21(D) + _3)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_18(D) + _4)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(backing)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup("/haproxy?stats")’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(".internal-stats-userlist")’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_153(D) + _49)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘progname’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(trash.area)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(id)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(file)’"
  Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(arg)’"

I haven't yet dug in to see the details to classify things as true/false positives. I expect there are still a *lot* of false positives (sorry!)
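
An added example, not part of the comment above and not code from the linked integration-tests repository: one way to build the same kind of per-issue tally from two -fanalyzer build logs and report what changed between compiler revisions. It assumes GCC's usual "file:line:col: warning: message [-Woption]" diagnostic lines; the log contents, file names and function names are constructed for illustration.

```python
import re
from collections import Counter

# GCC diagnostic line; analyzer warnings may carry a "[CWE-nnn]" tag
# before the option, which is dropped so keys match the summary format.
DIAG_RE = re.compile(
    r"^[^:]+:\d+:(?:\d+:)? warning: (?P<msg>.*?)"
    r"(?: \[CWE-\d+\])? \[(?P<opt>-Wanalyzer-[\w-]+)\]$"
)

def tally(log_text):
    """Count analyzer warnings keyed by 'option message'."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DIAG_RE.match(line.strip())
        if m:
            counts[f"{m['opt']} {m['msg']}"] += 1
    return counts

def compare(before, after):
    """Report changed, new and eliminated issues between two tallies."""
    report = []
    for issue in sorted(before.keys() | after.keys()):
        b, a = before[issue], after[issue]   # Counter yields 0 if absent
        if b == a:
            continue
        if b == 0:
            report.append(f'New issue "{issue}" ({a} occurrence(s))')
        elif a == 0:
            report.append(f'Eliminated issue "{issue}"')
        else:
            report.append(
                f'Number of occurrences {b} -> {a} ({a - b:+d}) for issue "{issue}"')
    return report

# Constructed sample logs (not real haproxy build output).
BEFORE = """\
src/demo.c:10:12: warning: leak of ‘strdup(tmp)’ [CWE-401] [-Wanalyzer-malloc-leak]
src/demo.c:42:5: warning: leak of ‘u’ [CWE-401] [-Wanalyzer-malloc-leak]
src/demo.c:57:5: warning: leak of ‘u’ [CWE-401] [-Wanalyzer-malloc-leak]
src/other.c:7:3: warning: dereference of NULL ‘conn’ [CWE-476] [-Wanalyzer-null-dereference]
src/other.c:9:1: note: constructed non-warning line, ignored
"""
AFTER = """\
src/demo.c:42:5: warning: leak of ‘u’ [CWE-401] [-Wanalyzer-malloc-leak]
src/other.c:7:3: warning: dereference of NULL ‘conn’ [CWE-476] [-Wanalyzer-null-dereference]
src/demo.c:80:9: warning: leak of ‘logsrv’ [CWE-401] [-Wanalyzer-malloc-leak]
"""

if __name__ == "__main__":
    print("\n".join(compare(tally(BEFORE), tally(AFTER))))
```

A count that drops between runs only says the analyzer stopped reporting that path; each remaining, new or eliminated entry still has to be triaged as a true or false positive against the source.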