https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123410
Bug ID: 123410
Summary: sys-devel/gcc incorrect -Wuse-after-free
Product: gcc
Version: 15.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: stefan11111 at shitposting dot expert
Target Milestone: ---
First reported here: https://bugs.gentoo.org/968376
C file:
$ cat realloc.c
#include <stddef.h>
#include <stdlib.h>

/* warning */
void f(void **ptr)
{
    int size = 1; /* Can be anything */
    void *tmp = malloc(size);

    *ptr = realloc(tmp, size);
    if (*ptr == NULL) {
        *ptr = tmp;
    }
}

/* no warning */
void g(void **ptr)
{
    int size = 1; /* Can be anything */
    void *tmp = malloc(size);
    void *tmp2 = realloc(tmp, size);
    if (tmp2 == NULL) {
        *ptr = tmp;
    }
    *ptr = tmp2;
}
Compiling:
$ gcc realloc.c -c -o realloc.o -O3 -Wall
realloc.c: In function 'f':
realloc.c:12:14: warning: pointer 'tmp' may be used after 'realloc' [-Wuse-after-free]
   12 |         *ptr = tmp;
      |         ~~~~~^~~~~
realloc.c:10:12: note: call to 'realloc' here
   10 |     *ptr = realloc(tmp, size);
      |            ^~~~~~~~~~~~~~~~~~
Both f and g here do the same thing, but the compiler incorrectly finds a
use-after-free in f.
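
The realloc contract this report relies on, as an added example that is not part of the original report or of GCC: when realloc fails it returns NULL and leaves the old block allocated, so the caller may keep using the old pointer. The names resize_keep and old_block_survives_failed_resize are hypothetical, and the oversized request is constructed to force the failure path.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: resize *buf to new_size bytes.
 * Success: *buf points at the resized block, returns 0.
 * Failure: realloc() did not free the old block, so *buf is left
 * untouched and still valid; returns -1. */
int resize_keep(void **buf, size_t new_size)
{
    if (new_size == 0)          /* realloc(p, 0) is not portable; reject */
        return -1;

    void *grown = realloc(*buf, new_size);
    if (grown == NULL)
        return -1;              /* caller still owns the old block */

    *buf = grown;               /* old pointer value is never read again */
    return 0;
}

/* Constructed check: fill a block, force a failing resize, then confirm
 * the pointer is unchanged and the original bytes are still readable.
 * Returns 1 if the old block survived, 0 if not, -1 if malloc failed. */
int old_block_survives_failed_resize(void)
{
    void *p = malloc(16);
    if (p == NULL)
        return -1;
    memset(p, 0xAB, 16);

    void *before = p;
    /* Constructed size: larger than any allocator can satisfy. */
    int rc = resize_keep(&p, SIZE_MAX - 1);

    int ok = (rc == -1) && (p == before);
    for (size_t i = 0; ok && i < 16; i++)
        ok = ((unsigned char *)p)[i] == 0xAB;

    free(p);
    return ok;
}
```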