https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118300

            Bug ID: 118300
           Summary: False malloc leak warning from static analyzer
           Product: gcc
           Version: 14.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: fchelnokov at gmail dot com
  Target Milestone: ---

This program
```
#include <stdlib.h>

int main() {
    int*** new = malloc(sizeof(int**));
    *new = malloc(sizeof(int*));
    **new = malloc(sizeof(int));

    free(**new);
    free(*new);
    free(new);
}
```
if compiled in recent GCC with the `-fanalyzer -fsanitize=address,undefined`
command-line options, produces an erroneous warning:
> warning: leak of 'malloc(4)' [CWE-401] [-Wanalyzer-malloc-leak]
>    8 |     free(**new);
>      |           ^~~~
GCC 11 does not have this issue yet. Online demo:
https://gcc.godbolt.org/z/e99naov8Y

Related discussion: https://stackoverflow.com/q/79329275/7325599
