https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114880
Bug ID: 114880 Summary: analyzer: False positive Wanalyzer-fd-use-after-close when open returns the same fd Product: gcc Version: 13.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: alan.coopersmith at oracle dot com Target Milestone: --- Created attachment 58058 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58058&action=edit dup2.c test case I've hit this originally with gcc 13.2 when building xfs with -fanalyzer. I extracted this simplified test case from https://gitlab.freedesktop.org/xorg/app/xfs/-/blob/master/os/daemon.c and when built with "gcc -fanalyzer -c dup2.c" it reports: dup2.c:30:9: warning: ‘dup2’ on closed file descriptor ‘0’ [-Wanalyzer-fd-use-after-close] 30 | if (dup2 (0, 1) == -1) { | ^~~~~~~~~~~ ‘DetachStdio’: events 1-6 | | 10 | close (0); | | ^~~~~~~~~ | | | | | (1) closed here |...... | 18 | if (nullfd == -1) { | | ~ | | | | | (2) following ‘false’ branch (when ‘nullfd != -1’)... |...... | 22 | if (nullfd != 0) { | | ~ | | | | | (3) ...to here | | (4) following ‘false’ branch (when ‘nullfd == 0’)... |...... | 30 | if (dup2 (0, 1) == -1) { | | ~~~~~~~~~~~ | | | | | (5) ...to here | | (6) ‘dup2’ on closed file descriptor ‘0’; ‘close’ was at (1) | dup2.c:34:9: warning: ‘dup2’ on closed file descriptor ‘0’ [-Wanalyzer-fd-use-after-close] 34 | if (dup2 (0, 2) == -1) { | ^~~~~~~~~~~ ‘DetachStdio’: events 1-8 | | 10 | close (0); | | ^~~~~~~~~ | | | | | (1) closed here |...... | 18 | if (nullfd == -1) { | | ~ | | | | | (2) following ‘false’ branch (when ‘nullfd != -1’)... |...... | 22 | if (nullfd != 0) { | | ~ | | | | | (3) ...to here | | (4) following ‘false’ branch (when ‘nullfd == 0’)... |...... | 30 | if (dup2 (0, 1) == -1) { | | ~~~~~~~~~~~~ | | || | | |(5) ...to here | | (6) following ‘false’ branch... |...... | 34 | if (dup2 (0, 2) == -1) { | | ~~~~~~~~~~~ | | | | | (7) ...to here | | (8) ‘dup2’ on closed file descriptor ‘0’; ‘close’ was at (1) | But in both these cases if it followed the ‘nullfd == 0’ path as it claims, then 0 is a valid fd returned from "nullfd = open ("/dev/null", O_RDWR);" (This test case also returns other false positives, covered by other bugs such as bug 113329.)