'[Bug c/107100] New: -fanalyzer false positive about leak in function with attribute((malloc)) obtain'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gcc-bugs
Subject:    [Bug c/107100] New: -fanalyzer false positive about leak in function with attribute((malloc)) obtain
From:       eblake at redhat dot com via Gcc-bugs <gcc-bugs () gcc ! gnu ! org>
Date:       2022-09-30 15:19:34
Message-ID: bug-107100-4 () http ! gcc ! gnu ! org/bugzilla/
[Download RAW message or body]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107100

            Bug ID: 107100
           Summary: -fanalyzer false positive about leak in function with
                    attribute((malloc)) obtained from another function
                    with attribute((malloc(free,1)))
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: eblake at redhat dot com
  Target Milestone: ---

I'm at a loss for why disabling -O2 or removing __attribute__((malloc(free,1)))
from function f silences a false-positive warning about a memory leak in
function g with __attribute((malloc)) specifically documenting that g() wants
to return a just-allocated pointer:

$ cat foo.c
#include <stdlib.h>
#include <string.h>

char *
__attribute__((malloc))
#ifndef HACK
__attribute__((malloc(free,1)))
#endif
f (const char *i)
{
  return strdup (i);
}

char *
__attribute__((malloc))
__attribute__((malloc(free,1)))
bar (void)
{
  char *x = f ("test");
  return x;
}
$ gcc -O2 -Wsuggest-attribute=malloc -fanalyzer -o foo.o -c foo.c
$ gcc -DHACK -Wsuggest-attribute=malloc -fanalyzer -o foo.o -c foo.c
$ gcc -Wsuggest-attribute=malloc -fanalyzer -o foo.o -c foo.c
foo.c: In function ‘f':
foo.c:11:10: warning: leak of ‘x' [CWE-401] [-Wanalyzer-malloc-leak]
   11 |   return strdup (i);
      |          ^~~~~~~~~~
  ‘bar': events 1-3
    |
    |   17 | bar (void)
    |      | ^~~
    |      | |
    |      | (1) entry to ‘bar'
    |   18 | {
    |   19 |   char *x = f ("test");
    |      |             ~~~~~~~~~~
    |      |             |
    |      |             (2) allocated here
    |      |             (3) calling ‘f' from ‘bar'
    |
    +--> ‘f': events 4-5
           |
           |    9 | f (const char *i)
           |      | ^
           |      | |
           |      | (4) entry to ‘f'
           |   10 | {
           |   11 |   return strdup (i);
           |      |          ~~~~~~~~~~
           |      |          |
           |      |          (5) ‘x' leaks here; was allocated at (2)
           |=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic