https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80532
David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dmalcolm at gcc dot gnu.org

--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
My analyzer finds these:

./xgcc -B. -fanalyzer -c ../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c -ftime-report
../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c: In function ‘free_list’:
../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:14:28: warning: use after ‘free’ of ‘p’ [CWE-416] [-Wanalyzer-use-after-free]
   14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use after 'free' of 'p'" } */
      |                          ~~^~~~~~~~~
  ‘free_list’: events 1-4
    |
    |   14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use after 'free' of 'p'" } */
    |      |   ^~~                    ~~~~~~~~~~~
    |      |   |                        |
    |      |   |                        (4) use after ‘free’ of ‘p’; freed at (3)
    |      |   (1) following ‘true’ branch (when ‘p’ is non-NULL)...
    |   15 |     free (p); /* { dg-message "freed here" } */
    |      |     ~~~~~~~~
    |      |     |
    |      |     (2) ...to here
    |      |     (3) freed here
    |
../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:14:28: note: 8 duplicates
   14 |   for (p = head; p != 0; p = p->next) /* { dg-warning "use after 'free' of 'p'" } */
      |                          ~~^~~~~~~~~
../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c: In function ‘foobar’:
../../src/gcc/testsuite/gcc.dg/analyzer/pr80532.c:24:3: warning: double-‘free’ of ‘p’ [CWE-415] [-Wanalyzer-double-free]
   24 |   free (p); /* { dg-warning "double-'free' of 'p'" } */
      |   ^~~~~~~~
  ‘foobar’: events 1-2
    |
    |   22 |   memset (p, 0, n);
    |      |   ^~~~~~~~~~~~~~~~
    |      |   |
    |      |   (1) first ‘free’ here
    |   23 |   free (p); /* { dg-message "first 'free' here" } */
    |   24 |   free (p); /* { dg-warning "double-'free' of 'p'" } */
    |      |   ~~~~~~~~
    |      |   |
    |      |   (2) second ‘free’ here; first ‘free’ was at (1)
    |
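
The two diagnostics above, shown with corrected forms as an added example; this is not code from the comment or from the GCC test suite. The `struct node` layout and the names `free_list_safe`, `build_list` and `release_buf` are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical node type; the test file's own definition is not shown above. */
struct node {
    struct node *next;
    int value;
};

/* Flagged pattern (kept as a comment so it is never executed):
 *
 *   for (p = head; p != 0; p = p->next)
 *     free (p);
 *
 * The increment expression reads p->next after the body has freed p. */

/* Corrected walk: read the successor before releasing the node.
 * Returns the number of nodes freed. */
size_t free_list_safe(struct node *head)
{
    size_t freed = 0;
    struct node *p = head;
    while (p != NULL) {
        struct node *next = p->next;  /* read while p is still live */
        free(p);
        p = next;
        freed++;
    }
    return freed;
}

/* Constructed helper: build an n-node list for the demonstration. */
struct node *build_list(size_t n)
{
    struct node *head = NULL;
    for (size_t i = 0; i < n; i++) {
        struct node *p = malloc(sizeof *p);
        if (p == NULL) { free_list_safe(head); return NULL; }
        p->value = (int)i;
        p->next = head;
        head = p;
    }
    return head;
}

/* Free through the owner's pointer and clear it, so a repeated release
 * becomes free(NULL), a no-op. Other copies of the pointer are not cleared. */
void release_buf(char **pp)
{
    free(*pp);
    *pp = NULL;
}
```

Clearing the pointer only protects the variable passed in; any alias held elsewhere still dangles and remains a use-after-free or double-free candidate.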