On Sat, 22 Jun 2002, CBFalconer wrote:
> The following fragment:
>
> *temp = '\0'; /* mark line end, strip \n */
> cursize = temp - buffer;
> if (NULL == (temp = realloc(buffer, (size_t)cursize + 1))) {
> free(buffer); /* fouled somehow */
> return NULL;
> }
>
> temp and buffer are char *, cursize is int.
>
> results in:
>
> ggets.c(43,12): Dead storage buffer passed as out parameter to
> free: buffer Memory is used after it has been released (either
> by passing as an only param or assigning to an only global).
> (Use -usereleased to inhibit warning)
> ggets.c(42,32): Storage buffer is released
>
> The error would be failure to free buffer, which is local.
>
Splint's annotations aren't expressive enough to specify realloc precisely
enough for this to be interpreted correctly. A recommended workaround is
to avoid using realloc directly, but to provide your own version of it
with a simpler interface.
> Also splint fails to warn about failure to include string.h when
> using strchr(). However gcc 3.1 does.
>
Splint doesn't report these kinds of errors since it uses an ISO library
that includes all standard ISO library definitions.
--- Dave
> --
> Chuck F ([EMAIL PROTECTED]) ([EMAIL PROTECTED])
> Available for consulting/temporary embedded and systems.
> <http://cbfalconer.home.att.net> USE worldnet address!
>
