https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122384
Bug ID: 122384
Summary: Use after free warning warns for harmless pointer
value use
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: andi-gcc at firstfloor dot org
Target Milestone: ---
[this might be a dup]
extern void free(void *);
extern long strtoul(const char *, char **, int);
int read_glob_num(char *buf, long *num)
{
char *end;
*num = strtoul(buf, &end, 0);
free(buf);
return end > buf ? 0 : -1;
}
gets
% gcc -Wall uaf.c
uaf.c: In function 'read_glob_num':
uaf.c:9:30: warning: pointer 'buf' used after 'free' [-Wuse-after-free]
9 | return end > buf ? 0 : -1;
| ~~~~~~~~~~~~~~^~~~
uaf.c:8:9: note: call to 'free' here
8 | free(buf);
| ^~~~~~~~~
But the warning is bogus because buf is not actually referenced.
