https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97074
Bug ID: 97074
Summary: -Wanalyzer-malloc-leak false positive when merging
states
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
https://godbolt.org/z/5P3T8E
#include <stdlib.h>
void *x, *y;
void test_1 (int flag)
{
void *p = malloc (1024);
if (flag)
x = p;
else
y = p;
__analyzer_dump ();
}
Has this false leak report:
t.c:13:1: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak]
13 | }
| ^
‘test_1’: events 1-2
|
| 7 | void *p = malloc (1024);
| | ^~~~~~~~~~~~~
| | |
| | (1) allocated here
|......
| 13 | }
| | ~
| | |
| | (2) ‘p’ leaks here; was allocated at (1)
|
__analyzer_dump shows that state merging leads to a merger of the x and y
values to unknown at the join-point:
rmodel:
stack depth: 1
frame (index 0): frame: ‘test_1’@1
clusters within ::
cluster for: x: UNKNOWN(void *)
cluster for: y: UNKNOWN(void *)
clusters within frame: ‘test_1’@1
cluster for: p_4: &HEAP_ALLOCATED_REGION(8)
m_called_unknown_fn: FALSE
constraint_manager:
equiv classes:
constraints:
malloc:
global: start
0x3d10590: &HEAP_ALLOCATED_REGION(8): unchecked (malloc) (‘p_4’)
