https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94378

            Bug ID: 94378
           Summary: -Wanalyzer-malloc-leak false positive when returning a
                    struct by value holding a heap-allocated pointer
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: simon.marchi at polymtl dot ca
  Target Milestone: ---

I tried the analyzer, and I believe it outputs a false positive on this
snippet:

-----

#include <stdlib.h>

struct ret
{
  int *mem;
};

struct ret do_stuff(void)
{
  struct ret r;

  r.mem = malloc(10);

  return r;
}

-----

$ /opt/gcc/git/bin/gcc -c a.c -fanalyzer
a.c: In function ‘do_stuff’:
a.c:14:10: warning: leak of ‘<unknown>’ [CWE-401] [-Wanalyzer-malloc-leak]
   14 |   return r;
      |          ^
  ‘do_stuff’: events 1-2
    |
    |   12 |   r.mem = malloc(10);
    |      |           ^~~~~~~~~~
    |      |           |
    |      |           (1) allocated here
    |   13 | 
    |   14 |   return r;
    |      |          ~ 
    |      |          |
    |      |          (2) ‘<unknown>’ leaks here; was allocated at (1)
    |
a.c:14:10: warning: leak of ‘r.mem’ [CWE-401] [-Wanalyzer-malloc-leak]
   14 |   return r;
      |          ^
  ‘do_stuff’: events 1-3
    |
    |   12 |   r.mem = malloc(10);
    |      |   ~~~~~~~~^~~~~~~~~~
    |      |         | |
    |      |         | (1) allocated here
    |      |         (2) allocated here
    |   13 | 
    |   14 |   return r;
    |      |          ~ 
    |      |          |
    |      |          (3) ‘r.mem’ leaks here; was allocated at (2)
    |

-----

The caller receives the `struct ret` struct by value, and is expected to free
the `mem` field.  I believe the analyzer should not conclude that this is a
leak.

I am on commit 52f24a9e989300506f812bacb8cc302a8bf03a06 (a commit from earlier
today).
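
The ownership contract described above (the caller frees `mem`), written out with both kinds of caller. This is an added example, not part of the original report or of GCC; `ret_release`, `caller_frees` and `caller_drops` are hypothetical names introduced here.

```c
#include <stdlib.h>

struct ret
{
  int *mem;
};

/* Same function as the report's reproducer: the allocation escapes to the
   caller inside the struct that is returned by value. */
struct ret do_stuff(void)
{
  struct ret r;
  r.mem = malloc(10);
  return r;
}

/* Hypothetical helper: free the buffer and clear the field, so that a
   second call is harmless (free(NULL) is a no-op). */
void ret_release(struct ret *r)
{
  free(r->mem);
  r->mem = NULL;
}

/* Caller that honours the contract: its copy of the struct is the only
   owner, and the buffer is freed before the copy goes out of scope.
   Returns 0 on success, -1 if malloc failed. */
int caller_frees(void)
{
  struct ret r = do_stuff();
  if (r.mem == NULL)
    return -1;
  r.mem[0] = 42;   /* 10 bytes holds at least one int where int is 4 bytes */
  ret_release(&r);
  return r.mem == NULL ? 0 : -1;
}

/* Caller that drops the struct without freeing: this is the point where
   the buffer really becomes unreachable, a genuine CWE-401 leak. */
int caller_drops(void)
{
  struct ret r = do_stuff();
  return r.mem != NULL;   /* r goes out of scope here, the buffer is lost */
}

int main(void)
{
  return caller_frees() == 0 ? 0 : 1;
}
```

In this example the memory only becomes unreachable in `caller_drops`; at the `return r;` inside `do_stuff` the pointer is still reachable through the returned value.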
