https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118500
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
            What|Removed                     |Added
----------------------------------------------------------------------------
  Ever confirmed|0                           |1
Last reconfirmed|                            |2025-01-20
          Status|UNCONFIRMED                 |NEW
--- Comment #5 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks for filing this report.
There are (at least) three -fanalyzer issues here:
(a) false positive about leak of 'my_strdup("f,oo")':
https://godbolt.org/z/rKxhfxWGf
This is probably due to -fanalyzer getting confused by having both the
attribute and a function body. I think there's already a report about this in
BZ somewhere.
(b) -fanalyzer doesn't "know" about the behavior of strsep beyond "knowing"
that it doesn't malloc or free anything internally. Hence it doesn't know that
it will advance s to a point within the buffer that's not the start (and hence
the later "free" is a bug).
(c) With the "s++;" case in comment #4, -fanalyzer doesn't warn about free
called on a pointer *within* the buffer; it seems like it should.
https://godbolt.org/z/dMaGnTEYs
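
The pointer handling behind (b) and (c), as an added example that is not part of the original comment or of the test case attached to the bug: strsep() overwrites the pointer it is handed, so the value returned by the allocator is kept in a separate variable and only that one is freed. `split_fields` and `struct split_result` are hypothetical names, and the input strings used with it are constructed.

```c
#define _DEFAULT_SOURCE   /* strsep() and strdup() declarations on glibc */
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type: number of fields found, and whether the pointer
 * given to strsep() still equalled the allocation start after the first call. */
struct split_result {
    int fields;         /* -1 on allocation failure */
    int cursor_moved;   /* 1 if cursor != base after the first strsep() */
};

/* Split a heap copy of `input` on any character in `delim`.
 * `base` holds the pointer returned by strdup(); only `cursor` is passed
 * to strsep(), which rewrites it on every call. */
struct split_result split_fields(const char *input, const char *delim)
{
    struct split_result r = { 0, 0 };
    char *base = strdup(input);   /* the only pointer that may be freed */
    if (base == NULL) {
        r.fields = -1;
        return r;
    }

    char *cursor = base;
    while (strsep(&cursor, delim) != NULL) {
        r.fields++;
        /* After the first call, cursor is NULL (no delimiter was found) or
         * points inside the buffer, just past the delimiter. Either way it
         * is no longer the value malloc handed out. */
        if (r.fields == 1 && cursor != base)
            r.cursor_moved = 1;
    }

    /* Passing an interior pointer to free() is undefined behaviour, so the
     * saved start of the allocation is released, never `cursor`. */
    free(base);
    return r;
}
```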