https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003
Bug ID: 106003 Summary: RFE: -fanalyzer could complain about misuse of file-descriptors Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- -fanalyzer could be extended to check POSIX file-descriptor APIs ("int" rather than FILE *). e.g. - check for FD leaks - check for double "close" of a FD (CWE-1341, I believe) - check for read/write of a closed descriptor - check for read/write of a descriptor opened for just writing/reading etc Immad Mir is looking at this for GSoC 2022. Example of a "double file-descriptor close" bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351 albeit in C++.