https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118500
David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2025-01-20
             Status|UNCONFIRMED                 |NEW

--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this report.

There are (at least) three -fanalyzer issues here:

(a) false positive about leak of 'my_strdup("f,oo")':
https://godbolt.org/z/rKxhfxWGf
This is probably due to -fanalyzer getting confused by having both the
attribute and a function body. I think there's already a report about this in
BZ somewhere.

(b) -fanalyzer doesn't "know" about the behavior of strsep beyond "knowing"
that it doesn't malloc or free anything internally. Hence it doesn't know that
it will advance s to a point within the buffer that's not the start (and hence
the later "free" is a bug).

(c) With the "s++;" case in comment #4, -fanalyzer doesn't warn about free
called on a pointer *within* the buffer; it seems like it should.
https://godbolt.org/z/dMaGnTEYs
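
Added example, not part of the bug report, the reporter's test case, or GCC: the strsep behavior from (b), with the free-of-interior-pointer pattern beside a form that keeps the original allocation. The names dup_string, first_token_buggy and first_token_fixed are hypothetical; only the "f,oo" input is taken from the comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strsep is a BSD/glibc extension; redeclared in case a strict -std= mode hides it. */
char *strsep(char **stringp, const char *delim);

/* Hypothetical helper: heap copy of src, caller frees. */
static char *dup_string(const char *src)
{
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, src, n);
    return p;
}

/* BUGGY (never called here): strsep advances s past the first token, so
 * free(s) gets a pointer inside the buffer. With no delimiter, s becomes
 * NULL, free(NULL) does nothing and the buffer leaks instead. */
void first_token_buggy(const char *input)
{
    char *s = dup_string(input);
    char *tok = strsep(&s, ",");
    if (tok != NULL)
        puts(tok);
    free(s); /* not the pointer malloc returned */
}

/* Fixed: base keeps the allocation, strsep only moves cursor. Copies the
 * first token to out and returns how far cursor moved from base, or -1 if
 * cursor became NULL (no delimiter) or the allocation failed. */
long first_token_fixed(const char *input, char *out, size_t outlen)
{
    char *base = dup_string(input);
    if (base == NULL)
        return -1;
    char *cursor = base;
    char *tok = strsep(&cursor, ",");
    snprintf(out, outlen, "%s", tok);
    long moved = (cursor != NULL) ? (long)(cursor - base) : -1;
    free(base); /* always the pointer malloc returned */
    return moved;
}

int main(void)
{
    char buf[16];
    long moved = first_token_fixed("f,oo", buf, sizeof buf);
    printf("token=%s cursor moved %ld bytes\n", buf, moved);
    return 0;
}
```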