https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95026
Bug ID: 95026 Summary: "leak of FILE" false positive [CWE-775] [-Wanalyzer-file-leak] Product: gcc Version: 10.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: vincent-gcc at vinc17 dot net Target Milestone: --- On the following program (obtained after simplifying Mutt's imap/message.c) struct _IO_FILE; typedef struct _IO_FILE FILE; typedef struct _message { FILE *fp; } MESSAGE; extern FILE *fopen (const char *__restrict __filename, const char *__restrict __modes); FILE *f (void); int imap_fetch_message (int i, MESSAGE *msg, char *p) { if ((msg->fp = i ? 0 : f ())) return 0; if (p) msg->fp = fopen (p, "r"); return -1; } I get: zira:~> gcc-10 -c -O2 -fanalyzer tst.i In function ‘imap_fetch_message’: tst.i:15:13: warning: leak of FILE ‘<unknown>’ [CWE-775] [-Wanalyzer-file-leak] 15 | msg->fp = fopen (p, "r"); | ~~~~~~~~^~~~~~~~~~~~~~~~ ‘imap_fetch_message’: events 1-6 | | 12 | if ((msg->fp = i ? 0 : f ())) | | ^ | | | | | (1) following ‘false’ branch... | 13 | return 0; | 14 | if (p) | | ~ | | | | | (2) ...to here | | (3) following ‘true’ branch (when ‘p’ is non-NULL)... | 15 | msg->fp = fopen (p, "r"); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) ...to here | | | (5) opened here | | (6) ‘<unknown>’ leaks here; was opened at (5) | Tested with: gcc-10 (Debian 10.1.0-1) 10.1.0 Note: if I replace the return value -1 by 0, then the warning disappears!