On Fri, Sep 30, 2022 at 05:27:00PM +0100, Richard W.M. Jones wrote:
> On Fri, Sep 30, 2022 at 10:42:01AM -0500, Eric Blake wrote:
> > Modern GCC has two related attributes for functions returning a
> > pointer:
> >
> > __attribute__((__malloc__)) - this function returns a new pointer, not
> > aliased to any existing pointer
> >
> > __attribute__((__malloc__(fn,1))) - call fn(return_value) to avoid
> > leaking memory allocated by this function
> >
> > With those attributes, static analyzers can better detect when we pass
> > the resulting pointer to the wrong deallocator, deallocate more than
> > once, have a use after free, or otherwise leak the memory.  (Sadly, as
> > of gcc 12.2.1, -fanalyzer still has a LOT of false positives, such as:
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107100; since our code
> > base triggers some of these, we can't quite rely on it yet).
> > ---
> >  lib/internal.h |  4 +++-
> >  generator/C.ml | 24 +++++++++++++++++++++---
> >  2 files changed, 24 insertions(+), 4 deletions(-)
> >
>
> ACK - worth a go, if it causes too many problems we can always
> back it out later!

In as 7e329735.

The output of 'make CFLAGS="-fanalyzer -O2"' is verbose enough that
I'm not sure if gcc 12.2.1 itself found any real issues, but maybe
clang or Coverity, or even a future gcc, will better be able to help
use these attributes to our benefit.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
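A minimal illustration of the two attributes discussed in this thread, as an added example rather than code from the patch: `struct handle`, `handle_create`, `handle_close`, `ATTR_ALLOC` and `DEMO_MISUSE` are hypothetical names. The `DEMO_MISUSE` function contains the mistakes the message lists (wrong deallocator, double release, use after free) so an analyzer build can be compared against the clean one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The deallocator form needs GCC 11+; other compilers get no attribute. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
# define ATTR_ALLOC(fn, argno) __attribute__((__malloc__, __malloc__(fn, argno)))
#else
# define ATTR_ALLOC(fn, argno)
#endif

/* Hypothetical handle. It holds no pointers: plain __malloc__ also promises
 * that the returned storage contains no pointers to live objects. */
struct handle { char name[32]; int open; };

/* The deallocator must be declared before the allocator that names it. */
void handle_close(struct handle *h);
struct handle *handle_create(const char *name) ATTR_ALLOC(handle_close, 1);

void handle_close(struct handle *h) { free(h); }

struct handle *handle_create(const char *name)
{
    struct handle *h = calloc(1, sizeof *h);  /* zeroed: name stays NUL-terminated */
    if (h == NULL) return NULL;
    strncpy(h->name, name, sizeof h->name - 1);
    h->open = 1;
    return h;
}

/* Correct pairing: the handle is released exactly once, by handle_close(). */
int handle_name_len(const char *name)
{
    struct handle *h = handle_create(name);
    if (h == NULL) return -1;
    int len = (int)strlen(h->name);
    handle_close(h);
    return len;
}

#ifdef DEMO_MISUSE  /* build with: gcc -fanalyzer -DDEMO_MISUSE -c file.c */
int handle_misuse(const char *name)
{
    struct handle *h = handle_create(name);
    if (h == NULL) return -1;
    free(h);          /* wrong deallocator for handle_create() */
    handle_close(h);  /* second release of the same pointer */
    return h->open;   /* read after release */
}
#endif

int main(void) { printf("%d\n", handle_name_len("example")); return 0; }
```

Without `-DDEMO_MISUSE` the file builds cleanly and `handle_misuse` is never compiled.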