https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99774

            Bug ID: 99774
           Summary: False positive from -Wanalyzer-malloc-leak in loop
                    (qemu:libvhost-user.c)
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 50472
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50472&action=edit
Reduced reproducer

I got a report about a false leak warning from the analyzer on some code in
qemu.

I'm attaching a reduced reproducer from qemu which triggers the issue:

$ ./xgcc -B. -S -fanalyzer ../../src/libvhost-user-1.c
../../src/libvhost-user-1.c: In function ‘vu_check_queue_inflights’:
../../src/libvhost-user-1.c:52:51: warning: leak of ‘*vq.resubmit_list’ [CWE-401] [-Wanalyzer-malloc-leak]
   52 |         vq->resubmit_list[vq->resubmit_num].index = i; /* { dg-bogus "leak" } */
      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
  ‘vu_check_queue_inflights’: events 1-11
    |
    |   44 |   if (vq->inuse) {
    |      |      ^
    |      |      |
    |      |      (1) following ‘true’ branch...
    |   45 |     vq->resubmit_list = calloc(vq->inuse, sizeof(VuVirtqInflightDesc));
    |      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                         |        |
    |      |                         |        (2) ...to here
    |      |                         (3) allocated here
    |   46 |     if (!vq->resubmit_list) {
    |      |        ~
    |      |        |
    |      |        (4) assuming ‘*vq.resubmit_list’ is non-NULL
    |      |        (5) following ‘false’ branch...
    |......
    |   50 |     for (i = 0; i < vq->inflight->desc_num; i++) {
    |      |          ~~~~~  ~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            |      |
    |      |            |      (7) following ‘true’ branch...
    |      |            |      (9) following ‘true’ branch...
    |      |            (6) ...to here
    |   51 |       if (vq->inflight->desc[i].inflight) {
    |      |           ~~~~~~~~~~~~
    |      |             |
    |      |             (8) ...to here
    |      |             (10) ...to here
    |   52 |         vq->resubmit_list[vq->resubmit_num].index = i; /* { dg-bogus "leak" } */
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                                   |
    |      |                                                   (11) ‘*vq.resubmit_list’ leaks here; was allocated at (3)
    |
