https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118500

            Bug ID: 118500
           Summary: no diagnostics with strsep(3) and
                    [[gnu::malloc(free)]] attribute
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: alx at kernel dot org
  Target Milestone: ---

I think it's -Wfree-nonheap-object which should control this.

strsep(3) takes the address of the pointer and modifies it (unless it was
NULL).
The analyzer should expect that this results in a bogus free(3) call.


alx@devuan:~/tmp/gcc$ cat strsep2.c 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

[[gnu::malloc(free)]]
char *my_strdup(const char *s)
{
        return strdup(s);
}

[[gnu::noipa]]
int
g(void)
{
        char *s;

        s = my_strdup("f,oo");
        if (s == NULL)
                return -1;

        strsep(&s, ",");
        puts(s);
        free(s);
        return 0;
}

int
main(void)
{
        return g();
}
alx@devuan:~/tmp/gcc$ gcc-15 -Wall -Wextra -fanalyzer -O3 strsep2.c 
alx@devuan:~/tmp/gcc$ ./a.out 
oo
free(): invalid pointer
Aborted
