https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108648
Bug ID: 108648 Summary: -Wanalyzer-fd-leak false positives seen on haproxy's proto_tcp.c Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Created attachment 54394 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54394&action=edit Reproducer The attached reproducer currently emits 3 -Wanalyzer-fd-leak diagnostics with -fanalyzer on trunk, all of which seem to be false positives: https://godbolt.org/z/j3xWjoE5T <source>: In function 'fd_want_recv': <source>:56:11: warning: leak of file descriptor [CWE-775] [-Wanalyzer-fd-leak] 56 | asm volatile("lock btsl %2, %0\n" | ^~~ 'tcp_resume_receiver': events 1-8 | | 117 | int tcp_resume_receiver(struct receiver *rx) { | | ^~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to 'tcp_resume_receiver' |...... | 122 | if (rx->fd < 0) | | ~ | | | | | (2) following 'false' branch... |...... | 125 | if (listen(rx->fd, listener_backlog(l)) == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | |(4) stream socket marked as passive here via 'listen' | | |(5) when 'listen' succeeds | | (6) following 'true' branch... | 126 | fd_want_recv(l->rx.fd); | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | | (8) calling 'fd_want_recv' from 'tcp_resume_receiver' | +--> 'fd_want_recv': events 9-12 | | 47 | static inline void fd_want_recv(int fd) { | | ^~~~~~~~~~~~ | | | | | (9) entry to 'fd_want_recv' | 48 | if ((fdtab[fd].state & (1U << 0)) || ({ | | ~ | | | | | (10) following 'false' branch... |...... | 56 | asm volatile("lock btsl %2, %0\n" | | ~~~ | | | | | (12) leaks here | 57 | : "+m"(*(&fdtab[fd].state)), "=@ccc"(__ret) | | ~ | | | | | (11) ...to here | <source>: In function 'tcp_suspend_receiver': <source>:97:6: warning: leak of file descriptor '*rx.fd' [CWE-775] [-Wanalyzer-fd-leak] 97 | if (connect(rx->fd, &sa, sizeof(sa)) < 0) | ^ 'tcp_suspend_receiver': events 1-3 | | 94 | if (rx->flags & 0x00000002) | | ^ | | | | | (1) following 'false' branch... |...... | 97 | if (connect(rx->fd, &sa, sizeof(sa)) < 0) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) '*rx.fd' leaks here | <source>: In function 'tcp_resume_receiver': <source>:125:6: warning: leak of file descriptor '*rx.fd' [CWE-775] [-Wanalyzer-fd-leak] 125 | if (listen(rx->fd, listener_backlog(l)) == 0) { | ^ 'tcp_resume_receiver': events 1-3 | | 122 | if (rx->fd < 0) | | ^ | | | | | (1) following 'false' branch... |...... | 125 | if (listen(rx->fd, listener_backlog(l)) == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) '*rx.fd' leaks here |