https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102934
            Bug ID: 102934
           Summary: missing warning passing address of first member to free()
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

GCC diagnoses the first invalid call to free() below but fails to diagnose the second. The problem is due to the warning using Object Size Type 0 (whole objects) rather than 1 (subobjects) to determine the identity of the object being freed.

$ cat z.c && gcc -O2 -S -Wall z.c
struct A { int i, a[2]; };

void f (struct A *p)
{
  __builtin_free (p->a);   // -Wfree-nonheap-object (good)
}

struct B { int a[2], j; };

void g (struct B *p)
{
  __builtin_free (p->a);   // missing warning
}
z.c: In function ‘f’:
z.c:5:3: warning: ‘__builtin_free’ called on pointer ‘p’ with nonzero offset 4 [-Wfree-nonheap-object]
    5 |   __builtin_free (p->a);   // -Wfree-nonheap-object (good)
      |   ^~~~~~~~~~~~~~~~~~~~~
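
Added example, not part of the original report and not GCC's implementation: it evaluates __builtin_object_size in modes 0 and 1 on the report's two structs to show why a member at offset 0 is indistinguishable from the whole object in mode 0. The objects obj_a and obj_b and the helper flagged() are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The two layouts from the report. */
struct A { int i, a[2]; };   /* array member after i: nonzero offset */
struct B { int a[2], j; };   /* array member first: offset 0 */

/* Constructed static objects, so the builtin sees complete objects. */
static struct A obj_a;
static struct B obj_b;

/* Type 0: bytes from the pointer to the end of the whole object. */
size_t whole_a(void) { return __builtin_object_size(obj_a.a, 0); }
size_t whole_b(void) { return __builtin_object_size(obj_b.a, 0); }

/* Type 1: bytes from the pointer to the end of the member subobject. */
size_t sub_a(void) { return __builtin_object_size(obj_a.a, 1); }
size_t sub_b(void) { return __builtin_object_size(obj_b.a, 1); }

/* Hypothetical model, not GCC code: the pointer is treated as "not the
   start of the allocation" when the size seen through it differs from
   the size of the enclosing struct. */
int flagged(size_t seen, size_t whole) { return seen != whole; }

int main(void)
{
    printf("A.a: type0=%zu type1=%zu sizeof=%zu\n",
           whole_a(), sub_a(), sizeof(struct A));
    printf("B.a: type0=%zu type1=%zu sizeof=%zu\n",
           whole_b(), sub_b(), sizeof(struct B));
    /* Mode 0 catches A (offset 4) but not B (offset 0). */
    printf("A type0 flagged: %d\n", flagged(whole_a(), sizeof(struct A)));
    printf("B type0 flagged: %d\n", flagged(whole_b(), sizeof(struct B)));
    /* Mode 1 sees only the int[2] member, so B is caught as well. */
    printf("B type1 flagged: %d\n", flagged(sub_b(), sizeof(struct B)));
    return 0;
}
```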