https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |msebor at gcc dot gnu.org
Assignee|unassigned at gcc dot gnu.org |msebor at gcc dot
gnu.org
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2022-01-17
Ever confirmed|0 |1
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
The warning triggers at -O0 and above for an IL that looks like this (at -O1):
<bb 6> [local count: 59126544]:
# sb_4 = PHI <0B(4), sb_3(5)>
b_15 = realloc (sb_4, 1);
if (b_15 != 0B)
goto <bb 7>; [99.96%]
else
goto <bb 8>; [0.04%]
<bb 7> [local count: 59102893]:
<bb 8> [local count: 59126544]:
# sb_5 = PHI <sb_4(6), b_15(7)>
return sb_5; <<< -Wuse-after-free
}
All it does is check to see if the use of sb_5 in the return statement is
dominated by the realloc call without considering the data flow (i.e., that
sb_5 is equal to sb_4 when b_15 is null).
The handling of the dominance is too simplistic. Let me look into make it more
intelligent.
