https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104979
Bug ID: 104979
Summary: False positive from -Wanalyzer-malloc-leak with cast within boxed pointer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Given:

#include <stdlib.h>

typedef struct boxed_ptr { void *value; } boxed_ptr;

boxed_ptr
boxed_malloc (size_t sz)
{
  boxed_ptr result;
  result.value = malloc (sz);
  return result;
}

boxed_ptr
boxed_free (boxed_ptr ptr)
{
  free (ptr.value);
}

const boxed_ptr boxed_null = {NULL};

struct link
{
  boxed_ptr m_ptr;
};

boxed_ptr test_29 (void)
{
  boxed_ptr res = boxed_malloc (sizeof (struct link));
  if (!res.value)
    return boxed_null;
  ((struct link *)res.value)->m_ptr = boxed_malloc (sizeof (struct link));
  return res;
}

-fanalyzer emits (incorrectly, I think):

<source>: In function 'boxed_malloc':
<source>:10:10: warning: leak of '<return-value>.value' [CWE-401] [-Wanalyzer-malloc-leak]
   10 |   return result;
      |          ^~~~~~
  'test_29': events 1-4
    |
    |   26 | boxed_ptr test_29 (void)
    |      |           ^~~~~~~
    |      |           |
    |      |           (1) entry to 'test_29'
    |......
    |   29 |   if (!res.value)
    |      |      ~
    |      |      |
    |      |      (2) following 'false' branch...
    |   30 |     return boxed_null;
    |   31 |   ((struct link *)res.value)->m_ptr = boxed_malloc (sizeof (struct link));
    |      |                   ~~~~~~~~~           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                      |                |
    |      |                      |                (4) calling 'boxed_malloc' from 'test_29'
    |      |                      (3) ...to here
    |
    +--> 'boxed_malloc': events 5-7
           |
           |    6 | boxed_malloc (size_t sz)
           |      | ^~~~~~~~~~~~
           |      | |
           |      | (5) entry to 'boxed_malloc'
           |......
           |    9 |   result.value = malloc (sz);
           |      |                  ~~~~~~~~~~~
           |      |                  |
           |      |                  (6) allocated here
           |   10 |   return result;
           |      |          ~~~~~~
           |      |          |
           |      |          (7) '<return-value>.value' leaks here; was allocated at (6)
           |

https://godbolt.org/z/1e9n8dnvM