https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98989
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |diagnostic --- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> --- The reason the invalid call isn't diagnosed is because the allocation call is "hidden" behind the call to std::__cxx11::basic_string<char>::_M_create(), and _M_create isn't annotated as an allocation function (with attribute malloc). In this case, though, the optimized IL shows that besides free() the function also calls operator delete() on the same pointer. That's almost certainly wrong regardless of the control flow and so the warning could trigger simply on that basis. annotating _M_create() shouldn't be necessary ;; Function f (_Z1fv, funcdef_no=1194, decl_uid=32383, cgraph_uid=317, symbol_order=347) Removing basic block 5 void f () { size_type __dnew; struct string str; char * _7; char * _9; long unsigned int _11; long unsigned int _12; char * _19; long unsigned int __dnew.6_20; long unsigned int __dnew.7_22; char * _23; char * _24; <bb 2> [local count: 1073741824]: MEM[(struct basic_string *)&str] ={v} {CLOBBER}; MEM[(struct _Alloc_hider *)&str] ={v} {CLOBBER}; MEM[(struct _Alloc_hider *)&str]._M_p = &str.D.24447._M_local_buf; __dnew = 16; _19 = std::__cxx11::basic_string<char>::_M_create (&str, &__dnew, 0); str._M_dataplus._M_p = _19; __dnew.6_20 = __dnew; str.D.24447._M_allocated_capacity = __dnew.6_20; __builtin_memcpy (_19, "abcdefghijklmnop", 16); __dnew.7_22 = __dnew; str._M_string_length = __dnew.7_22; _23 = str._M_dataplus._M_p; _24 = _23 + __dnew.7_22; MEM[(char_type &)_24] = 0; __dnew ={v} {CLOBBER}; _7 = str._M_dataplus._M_p; free (_7); _9 = str._M_dataplus._M_p; if (&str.D.24447._M_local_buf != _9) goto <bb 3>; [53.47%] else goto <bb 4>; [46.53%] <bb 3> [local count: 574129753]: _11 = str.D.24447._M_allocated_capacity; _12 = _11 + 1; operator delete (_9, _12); <bb 4> [local count: 1073741824]: str ={v} {CLOBBER}; str ={v} {CLOBBER}; return; }