https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378
Bug ID: 94378 Summary: -Wanalyzer-malloc-leak false positive when returning a struct by value holding a heap-allocated pointer Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: simon.marchi at polymtl dot ca Target Milestone: --- I tried the analyzer, and I believe it outputs a false positive on this snippet: ----- #include <stdlib.h> struct ret { int *mem; }; struct ret do_stuff(void) { struct ret r; r.mem = malloc(10); return r; } ----- $ /opt/gcc/git/bin/gcc -c a.c -fanalyzer a.c: In function ‘do_stuff’: a.c:14:10: warning: leak of ‘<unknown>’ [CWE-401] [-Wanalyzer-malloc-leak] 14 | return r; | ^ ‘do_stuff’: events 1-2 | | 12 | r.mem = malloc(10); | | ^~~~~~~~~~ | | | | | (1) allocated here | 13 | | 14 | return r; | | ~ | | | | | (2) ‘<unknown>’ leaks here; was allocated at (1) | a.c:14:10: warning: leak of ‘r.mem’ [CWE-401] [-Wanalyzer-malloc-leak] 14 | return r; | ^ ‘do_stuff’: events 1-3 | | 12 | r.mem = malloc(10); | | ~~~~~~~~^~~~~~~~~~ | | | | | | | (1) allocated here | | (2) allocated here | 13 | | 14 | return r; | | ~ | | | | | (3) ‘r.mem’ leaks here; was allocated at (2) | ----- The caller receives the `struct ret` struct by value, and is expected to free the `mem` field. I believe the analyzer should not conclude that this is a leak. I am on commit 52f24a9e989300506f812bacb8cc302a8bf03a06 (a commit from earlier today).