https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97608
Bug ID: 97608
Summary: -Wanalyzer-malloc-leak false positive when returning p+1 instead of p
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: vincent-gcc at vinc17 dot net
Target Milestone: ---
On the following program tst.c
#include <stdlib.h>
void *f (void)
{
void *p = malloc (8);
if (p == NULL)
abort ();
return (void *) ((char *) p + 0); /* returns p itself: no warning */
}
void *g (void)
{
void *p = malloc (8);
if (p == NULL)
abort ();
return (void *) ((char *) p + 1); /* returns p + 1: -Wanalyzer-malloc-leak fires here */
}
I get:
cventin:~> gcc -c -fanalyzer tst.c
tst.c: In function ‘g’:
tst.c:16:10: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak]
16 | return (void *) ((char *) p + 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
‘g’: events 1-5
|
| 13 | void *p = malloc (8);
| | ^~~~~~~~~~
| | |
| | (1) allocated here
| 14 | if (p == NULL)
| | ~
| | |
| | (2) assuming ‘p’ is non-NULL
| | (3) following ‘false’ branch (when ‘p’ is non-NULL)...
| 15 | abort ();
| 16 | return (void *) ((char *) p + 1);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| | (5) ‘p’ leaks here; was allocated at (1)
|
(MPFR has something similar in its talloc-cache.c test in order to test the
behavior of memory allocators, implemented in this test program as wrappers
around malloc).
Tested with gcc (GCC) 11.0.0 20201028 (experimental), based on commit
c25d317cf7d4ea8df0402feb939ce286e5f42988.
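The real-world pattern behind the reproducer is an allocator wrapper that stores its own header in front of the block and hands the caller a pointer at a nonzero offset from what malloc returned, so ownership leaves the function through p + offset rather than p. The following is an added, self-contained illustration of that pattern; it is not code from this bug report or from MPFR's talloc-cache.c, and the names wrapped_malloc, wrapped_size, wrapped_free, HDR_SIZE and roundtrip are assumptions chosen for the example. wrapped_malloc has the same shape as g() above (base + nonzero offset is returned), so under the reported behavior it is the kind of function the analyzer would flag even though wrapped_free recovers and frees the original base pointer.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Example names (wrapped_malloc, wrapped_free, HDR_SIZE, roundtrip) are
   assumptions for this illustration, not MPFR or GCC identifiers. */

/* Bookkeeping stored in front of the block handed to the caller. */
typedef struct {
    size_t size;
} hdr_t;

/* Round the header up to 16 bytes so the returned pointer keeps a
   malloc-compatible alignment on common ABIs. */
#define HDR_SIZE ((((sizeof (hdr_t)) + 15) / 16) * 16)

/* Allocate n usable bytes; the caller receives base + HDR_SIZE, not base.
   This is the shape that g() in the report reduces to. */
void *wrapped_malloc (size_t n)
{
    char *base = malloc (HDR_SIZE + n);
    if (base == NULL)
        return NULL;
    ((hdr_t *) base)->size = n;
    return base + HDR_SIZE;
}

/* Read the recorded size back from the hidden header. */
size_t wrapped_size (const void *p)
{
    return ((const hdr_t *) ((const char *) p - HDR_SIZE))->size;
}

/* Free by stepping back to the pointer malloc actually returned. */
void wrapped_free (void *p)
{
    if (p == NULL)
        return;
    free ((char *) p - HDR_SIZE);
}

/* Allocate, fill, verify size and last byte, free. Returns 1 on success,
   0 if the allocation failed or the header was corrupted. */
int roundtrip (size_t n)
{
    unsigned char *p = wrapped_malloc (n);
    if (p == NULL)
        return 0;
    memset (p, 0xA5, n);
    int ok = wrapped_size (p) == n && (n == 0 || p[n - 1] == 0xA5);
    wrapped_free (p);
    return ok;
}
```

Because the usable pointer and the pointer passed to free differ by a constant, a leak checker has to treat base and base + HDR_SIZE as the same allocation; the f() versus g() contrast in the report shows that, at the tested commit, only the zero-offset case was recognized.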