https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80047

            Bug ID: 80047
           Summary: fixincludes/fixincl.c: PVS-Studio: Improper Release of
                    Memory Before Removing Last Reference (CWE-401)
           Product: gcc
           Version: 7.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: khandeliants at viva64 dot com
  Target Milestone: ---

We have found a weakness (CWE-401) using the PVS-Studio tool. PVS-Studio is a
static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V575 The null pointer is passed into 'getcwd' function.
Inspect the first argument. fixincl.c 1357

void process (void)
{
  ....
  if (access (pz_curr_file, R_OK) != 0)
  {
    int erno = errno;
    fprintf (stderr, 
             "Cannot access %s from %s\n\terror %d (%s)\n",
             pz_curr_file, 
             getcwd ((char *) NULL, MAXPATHLEN),           // <=
             erno, 
             xstrerror (erno));
    return;
  }
  ....
}

As an extension to the POSIX.1-2001 standard, glibc's getcwd() allocates the
buffer dynamically using malloc if buf is NULL. In this case, the allocated
buffer has the length size unless size is zero, when buf is allocated as big as
necessary.  The caller should free the returned buffer.
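
The leak described in this report, shown in its corrected form as an added example (not code from the report or from GCC): the pointer returned by getcwd (NULL, ...) is kept so it can be freed, and a NULL return is never passed to %s. The helper name report_access_failure is hypothetical, and strerror stands in for libiberty's xstrerror.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>   /* MAXPATHLEN on glibc systems */
#include <unistd.h>

#ifndef MAXPATHLEN
#define MAXPATHLEN 4096  /* assumed fallback for this example */
#endif

/* Hypothetical helper: builds the same diagnostic as process() into a
   caller-supplied buffer and returns snprintf's result. */
int report_access_failure(char *out, size_t outsz, const char *file, int erno)
{
  /* glibc extension: with a NULL buffer, getcwd() returns malloc'd memory
     that the caller owns. It can also fail and return NULL. */
  char *cwd = getcwd(NULL, MAXPATHLEN);

  int n = snprintf(out, outsz,
                   "Cannot access %s from %s\n\terror %d (%s)\n",
                   file,
                   cwd != NULL ? cwd : "<unknown directory>",
                   erno,
                   strerror(erno));

  free(cwd);  /* releases the buffer; free(NULL) is a no-op */
  return n;
}

int main(void)
{
  const char *file = "no-such-header.h";  /* constructed sample input */
  char msg[2 * MAXPATHLEN];

  if (access(file, R_OK) != 0)
  {
    int erno = errno;  /* save errno before any further library calls */
    report_access_failure(msg, sizeof msg, file, erno);
    fputs(msg, stderr);
  }
  return 0;
}
```

Running the original call pattern under valgrind or with -fsanitize=leak reports the unfreed getcwd buffer; this version reports none.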
