https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105102
Bug ID: 105102
Summary: RFE: analyzer handling for asprintf and vasprintf
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

(spotted while fixing PR analyzer/105087)

We don't yet have any special-casing of asprintf and vasprintf, and there doesn't seem to be a way to express their behavior with attributes.

Would be nice to bifurcate state, and:
- on success, track that *ARG is to be freed with free (and thus we can detect memory leaks, wrong deallocator, etc),
- on failure, *ARG is undefined; exactly what we should do here is unclear (what exactly does glibc do? https://linux.die.net/man/3/vasprintf says that the "FreeBSD implementation sets strp to NULL on error.", presumably it means *strp; see PR 44435).

Maybe we need a new kind of poisoned_svalue "undefined" for the error case, since there's no guarantee made about what the state of *ARG is?
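
The success/failure split described in the report, seen from the caller's side, as an added example (not code from the bug report or from GCC). `checked_asprintf` and `format_user_tag` are hypothetical names; the wrapper overwrites `*strp` with NULL on failure, the behavior the cited man page attributes to FreeBSD, so no caller ever reads an unspecified pointer.

```c
#define _GNU_SOURCE           /* asprintf/vasprintf are extensions on glibc */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype so the block still builds if <stdio.h> was already
 * included before _GNU_SOURCE took effect. */
int vasprintf(char **strp, const char *fmt, va_list ap);

/* Hypothetical wrapper: gives *strp a defined value on both paths.
 * Success: *strp is a heap string the caller must release with free().
 * Failure: *strp is set to NULL and -1 is returned. */
int checked_asprintf(char **strp, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vasprintf(strp, fmt, ap);
    va_end(ap);

    if (n < 0) {
        /* *strp is unspecified here: overwrite it, never read or free it. */
        *strp = NULL;
        return -1;
    }
    return n;
}

/* Hypothetical caller: returns a malloc'd "user(uid)" string, or NULL. */
char *format_user_tag(const char *user, int uid)
{
    char *tag; /* left uninitialized on purpose: the wrapper defines it */

    if (checked_asprintf(&tag, "%s(%d)", user, uid) < 0)
        return NULL;
    return tag;
}

int main(void)
{
    char *tag = format_user_tag("alice", 1000); /* constructed sample input */

    if (tag == NULL)
        return 1;
    puts(tag);
    free(tag); /* matching deallocator for asprintf memory is free() */
    return 0;
}
```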