https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99193
Bug ID: 99193
Summary: Bogus "should have been deallocated with 'free' but
was deallocated with 'realloc' [CWE-762]
[-Werror=analyzer-mismatching-deallocation]"
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: rjones at redhat dot com
Target Milestone: ---
https://github.com/libguestfs/libguestfs/blob/f19fd566f6387ce7e4d82409528c9dde374d25e0/daemon/command.c#L115
This fails to compile with:
gcc -DHAVE_CONFIG_H -I. -I.. -DCAML_NAME_SPACE -I/usr/lib64/ocaml
-I/usr/lib64/ocaml/hivex -I../gnulib/lib -I../gnulib/lib -I../lib -I../lib
-I../common/errnostring -I../common/errnostring -I../common/protocol
-I../common/protocol -I../common/utils -I../common/utils -fanalyzer
-fno-common -Wall -Warith-conversion -Wbad-function-cast -Wcast-align=strict
-Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches
-Wduplicated-cond -Wextra -Wformat-signedness -Winit-self -Winvalid-pch
-Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes
-Wnested-externs -Wnull-dereference -Wold-style-definition -Wopenmp-simd
-Wpointer-arith -Wstrict-overflow -Wstrict-prototypes -Wsuggest-attribute=cold
-Wsuggest-attribute=format -Wsuggest-attribute=noreturn -Wsuggest-final-methods
-Wsuggest-final-types -Wsync-nand -Wtrampolines -Wuninitialized
-Wunknown-pragmas -Wunused-macros -Wvariadic-macros
-Wvector-operation-performance -Wwrite-strings -Warray-bounds=2
-Wattribute-alias=2 -Wformat-overflow=2 -Wformat=2 -Wformat-truncation=2
-Wimplicit-fallthrough=5 -Wshift-overflow=2 -Wunused-const-variable=2
-Wno-analyzer-double-free -Wno-analyzer-malloc-leak
-Wno-analyzer-null-dereference -Wno-analyzer-use-after-free
-Wno-unused-parameter -Wno-missing-field-initializers -fdiagnostics-show-option
-Wframe-larger-than=6000 -Wstack-usage=10000 -Wimplicit-fallthrough=4
-Wformat-truncation=1 -Wformat-overflow=1 -Wno-pragmas -Werror
-I/usr/include/tirpc -I/usr/include/libxml2 -O2 -g -fPIC
-fno-strict-overflow -Wno-strict-overflow -MT guestfsd-command.o -MD -MP -MF
.deps/guestfsd-command.Tpo -c -o guestfsd-command.o `test -f 'command.c' ||
echo './'`command.c
command.c: In function ‘commandrf’:
command.c:136:22: error: ‘argv’ should have been deallocated with ‘free’ but
was deallocated with ‘realloc’ [CWE-762]
[-Werror=analyzer-mismatching-deallocation]
136 | const char **p = realloc (argv, sizeof (char *) * (++i));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
‘commandrf’: events 1-4
|
| 125 | argv = malloc (sizeof (char *) * i);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) allocated here (expects deallocation with ‘free’)
| 126 | if (argv == NULL) {
| | ~
| | |
| | (2) assuming ‘argv’ is non-NULL
| | (3) following ‘false’ branch...
|......
| 130 | argv[0] = (char *) name;
| | ~~~~
| | |
| | (4) ...to here
|
‘commandrf’: events 5-7
|
| 135 | while ((s = va_arg (args, char *)) != NULL) {
| | ^
| | |
| | (5) following ‘true’ branch
(when ‘s’ is non-NULL)...
| 136 | const char **p = realloc (argv, sizeof (char *) * (++i));
| | ~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (7) deallocated with ‘realloc’ here;
allocation at (1) expects deallocation with ‘free’
| | (6) ...to here
|
cc1: all warnings being treated as errors
make[1]: *** [Makefile:3261: guestfsd-command.o] Error 1
This error appears to be bogus.
argv has __attribute__((cleanup)) which will call free(3) on return
paths out of the function, such as realloc failing. If realloc
is successful then the old argv is freed and the new allocation
is assigned to argv.
