[Bug middle-end/109990] [12/13/14 Regression] Bogus -Wuse-after-free warning after realloc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Jeffrey A. Law changed:

What     | Removed | Added
Priority | P3      | P2
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Jeffrey A. Law changed:

What             | Removed     | Added
Last reconfirmed |             | 2024-03-10
CC               |             | law at gcc dot gnu.org
Status           | UNCONFIRMED | NEW
Ever confirmed   | 0           | 1
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Richard Biener changed:

What             | Removed | Added
Target Milestone | ---     | 12.4
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #6 from Andrew Pinski ---

(In reply to Bruno Haible from comment #4)
> That is the only way of keeping track of pointers _into_ the string_space
> area, when it is reallocated. How else would you want to do it?

You could use intptr_t casting to do the subtraction ...
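One way to answer the "how else" question from comment #4 without the pointer subtraction that comment #3 flags as undefined is to store integer offsets into string_space in the map instead of pointers: after realloc nothing derived from the old block is ever read, so there is no fix-up loop and nothing for -Wuse-after-free to object to. The example below is added here and is not code from the bug report or from the project under discussion; the struct and function names (struct pool, pool_intern, pool_add, pool_alias, pool_value) and the fixed map capacity are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Map entries hold offsets into string_space, not pointers (assumed design). */
struct alias_map { size_t alias_off; size_t value_off; };
struct pool {
    char *string_space;        /* realloc'ed buffer holding all strings */
    size_t used, size;
    struct alias_map map[64];  /* fixed capacity, enough for the example */
    size_t nmap;
};

/* Copy s into string_space, growing it if needed. Returns the string's offset,
 * or (size_t)-1 if realloc fails (pool left untouched). The only value that
 * survives a realloc is the integer offset. */
static size_t pool_intern(struct pool *p, const char *s)
{
    size_t len = strlen(s) + 1, off = p->used;
    if (off + len > p->size) {
        size_t new_size = p->size ? p->size * 2 : 16;
        while (new_size < off + len) new_size *= 2;
        char *new_pool = realloc(p->string_space, new_size);
        if (new_pool == NULL) return (size_t)-1;
        /* No fix-up loop over map[]: offsets stay valid, and the old
         * string_space value is never read again after this point. */
        p->string_space = new_pool;
        p->size = new_size;
    }
    memcpy(p->string_space + off, s, len);
    p->used += len;
    return off;
}

/* Record an alias -> value pair; returns 0 on success, -1 on failure. */
int pool_add(struct pool *p, const char *alias, const char *value)
{
    if (p->nmap == 64) return -1;
    size_t a = pool_intern(p, alias), v = pool_intern(p, value);
    if (a == (size_t)-1 || v == (size_t)-1) return -1;
    p->map[p->nmap].alias_off = a;
    p->map[p->nmap].value_off = v;
    p->nmap++;
    return 0;
}

/* Pointers are derived from the *current* string_space at each use. */
const char *pool_alias(const struct pool *p, size_t i) { return p->string_space + p->map[i].alias_off; }
const char *pool_value(const struct pool *p, size_t i) { return p->string_space + p->map[i].value_off; }
```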
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #5 from Bruno Haible ---

Created attachment 55170
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55170=edit
test case bar2.c

Find attached a modified test case. I changed the code to

```
map[i].alias = new_pool + (map[i].alias - string_space);
map[i].value = new_pool + (map[i].value - string_space);
```

so that it subtracts pointers into the old string_space, producing an integer, and adds that integer to new_pool. It produces the same warning (even twice, apparently because there is no common subexpression between the two lines any more):

```
$ gcc -Wall -O2 -S bar2.c
bar2.c: In function ‘read_alias_file’:
bar2.c:123:67: warning: pointer may be used after ‘realloc’ [-Wuse-after-free]
  123 |                           map[i].value = new_pool + (map[i].value - string_space);
      |                                                                 ~~^~~
bar2.c:114:45: note: call to ‘realloc’ here
  114 |                   char *new_pool = (char *) realloc (string_space, new_size);
      |                                             ^~~~
bar2.c:122:67: warning: pointer may be used after ‘realloc’ [-Wuse-after-free]
  122 |                           map[i].alias = new_pool + (map[i].alias - string_space);
      |                                                                 ~~^~~
bar2.c:114:45: note: call to ‘realloc’ here
  114 |                   char *new_pool = (char *) realloc (string_space, new_size);
      |                                             ^~~~
```
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #4 from Bruno Haible ---

> > char *new_pool = (char *) realloc (string_space, new_size);
> > if (new_pool == ((void *)0))
> >   goto out;
> > if (__builtin_expect (string_space != new_pool, 0))
> >   {
> >     size_t i;
> >     for (i = 0; i < nmap; i++)
> >       {
> >         map[i].alias += new_pool - string_space;
> >         map[i].value += new_pool - string_space;
> >       }
> >   }
> > string_space = new_pool;
>
> Also I think `new_pool - string_space` is undefined really. That is,
> subtracting two unrelated arrays is undefined. You can only compare equality
> on them.

That is the only way of keeping track of pointers _into_ the string_space area, when it is reallocated. How else would you want to do it?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #3 from Andrew Pinski ---

(In reply to Andrew Pinski from comment #1)
> ```
> char *new_pool = (char *) realloc (string_space, new_size);
> if (new_pool == ((void *)0))
>   goto out;
> if (__builtin_expect (string_space != new_pool, 0))
>   {
>     size_t i;
>     for (i = 0; i < nmap; i++)
>       {
>         map[i].alias += new_pool - string_space;
>         map[i].value += new_pool - string_space;
>       }
>   }
> string_space = new_pool;
> ```
>
> Hmmm

Also I think `new_pool - string_space` is undefined really. That is, subtracting two unrelated arrays is undefined. You can only compare equality on them.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

Andrew Pinski changed:

What     | Removed | Added
See Also |         | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104215

--- Comment #2 from Andrew Pinski ---

See also the discussion starting at bug 104215 comment #2.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109990

--- Comment #1 from Andrew Pinski ---

```
char *new_pool = (char *) realloc (string_space, new_size);
if (new_pool == ((void *)0))
  goto out;
if (__builtin_expect (string_space != new_pool, 0))
  {
    size_t i;
    for (i = 0; i < nmap; i++)
      {
        map[i].alias += new_pool - string_space;
        map[i].value += new_pool - string_space;
      }
  }
string_space = new_pool;
```

Hmmm