https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118500
--- Comment #6 from Alejandro Colomar <alx at kernel dot org> ---
(In reply to David Malcolm from comment #5)
> Thanks for filing this report.

You're welcome! :-)

> 
> There are (at least) three -fanalyzer issues here:
> 
> (a) false positive about leak of 'my_strdup("f,oo")':
> https://godbolt.org/z/rKxhfxWGf
> This is probably due to -fanalyzer getting confused by having both the
> attribute and a function body.  I think there's already a report about this
> in BZ somewhere.
> 
> (b) -fanalyzer doesn't "know" about the behavior of strsep beyond "knowing"
> that it doesn't malloc or free anything internally.  Hence it doesn't know
> that it will advance s to a point within the buffer that's not the start
> (and hence the later "free" is a bug).

Agree.

> 
> (c) With the "s++;" case in comment #4, -fanalyzer doesn't warn about free
> called on a pointer *within* the buffer; it seems like it should.
> https://godbolt.org/z/dMaGnTEYs

I think this is being correctly reported by fanalyzer.  Don't you mean this?
(pasted from the godbolt link you sent; at the bottom).

<source>:23:9: warning: 'free' called on pointer 's' with nonzero offset 1 [-Wfree-nonheap-object]
   23 |         free(s);
      |         ^~~~~~~
<source>:17:13: note: returned from 'my_strdup'
   17 |         s = my_strdup("f,oo");
      |             ^~~~~~~~~~~~~~~~~
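The cursor behaviour the comments describe, as an added example that is not part of the bug report: strsep() advances its cursor past each delimiter, so the pointer that must reach free() is the one malloc() returned, not the cursor. my_strdup() mirrors the reporter's helper; the other function names are assumptions.

```c
/* Added example, not code from the bug report: the strsep() cursor pattern
 * the comments discuss.  Function names other than my_strdup() are
 * hypothetical. */
#define _DEFAULT_SOURCE      /* glibc: expose strsep() in <string.h> */
#include <stdlib.h>
#include <string.h>

/* Harmless if <string.h> already declared it; covers the case where the
 * feature macro above is seen too late. */
char *strsep(char **stringp, const char *delim);

char *my_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Duplicates `str`, consumes one strsep() token and reports where the
 * cursor ends up relative to the allocation.  A nonzero result is exactly
 * the "pointer with nonzero offset" that free(cur) would hand to free(),
 * which is what -Wfree-nonheap-object reported above.  Returns -1 when
 * strsep() found no delimiter and set the cursor to NULL, -2 on
 * allocation failure. */
long cursor_offset_after_first_token(const char *str)
{
    char *buf = my_strdup(str);
    if (buf == NULL)
        return -2;
    char *cur = buf;                 /* strsep() advances cur, never buf */
    (void)strsep(&cur, ",");
    long off = (cur == NULL) ? -1 : (long)(cur - buf);
    free(buf);                       /* free the base pointer, not cur */
    return off;
}

/* Counts comma-separated fields, keeping the base pointer in `buf` so the
 * final free() receives what malloc() returned.  An empty string counts
 * as one (empty) field, matching strsep() semantics. */
int count_fields(const char *str)
{
    char *buf = my_strdup(str);
    if (buf == NULL)
        return -1;
    char *cur = buf;
    int n = 0;
    while (strsep(&cur, ",") != NULL)
        n++;
    free(buf);
    return n;
}
```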