https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94839
Bug ID: 94839
Summary: False positive with -fanalyzer and direct field
assignment from calloc
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Keywords: diagnostic
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: pinskia at gcc dot gnu.org
Target Milestone: ---
Take:
struct bitmap
{
int min;
int max;
int *vec;
};
int bitmap_create(struct bitmap *bm, int min, int max)
{
int sz;
sz = (max / sizeof(int)) + 1;
bm->min = min;
bm->max = max;
bm->vec = __builtin_calloc(sz, sizeof(int));
if (!bm->vec)
return (-12);
return 0;
}
----- CUT ----
This gives (at -O2 -fanalyzer -W -Wall ):
In function ‘bitmap_create’:
t6666_1.c:18:12: warning: leak of ‘<unknown>’ [CWE-401]
[-Wanalyzer-malloc-leak]
18 | if (!bm->vec)
| ^
‘bitmap_create’: events 1-3
|
| 13 | sz = (max / sizeof(int)) + 1;
| | ~~~~~^~~~~~~~~~~~~~
| | |
| | (1) allocated here
|......
| 18 | if (!bm->vec)
| | ~
| | |
| | (2) assuming ‘<unknown>’ is non-NULL
| | (3) following ‘false’ branch...
|
‘bitmap_create’: event 4
|
|cc1:
| (4): ...to here
|
‘bitmap_create’: event 5
|
| 18 | if (!bm->vec)
| | ^
| | |
| | (5) ‘<unknown>’ leaks here; was allocated at (1)
|
Except there is no leaking as assign the calloc to bm->vec .
If we change the type of vec to void*, there is no warning.
