https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90906
--- Comment #2 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #0)
> GCC doesn't diagnose returning a freed pointer as in the function below:
>
>   void* f (void *p)
>   {
>     __builtin_free (p);
>     // ...
>     return p;
>   }
>
> It could, by performing an analysis similar to -Wreturn-local-addr. The
> detection would make it possible to find among other things bugs in C++ code
> due to returning pointers into local containers, such as:
>
>   #include <vector>
>
>   int* f ()
>   {
>     std::vector<int> v (3, 5);
>     return v.data ();
>   }

I tested both of these with David Malcolm's static analyzer branch on Godbolt
and it was silent on the first one, but ICEd on the second one:
https://godbolt.org/z/L38Fa_

Output:

during IPA pass: analyzer
<source>:7:3: internal compiler error: Segmentation fault
    7 | }
      | ^
Please submit a full bug report,
with preprocessed source if appropriate.
See <https://gcc.gnu.org/bugs/> for instructions.
Compiler returned: 1