https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104370
Bug ID: 104370
Summary: False positive from
-Wanalyzer-mismatching-deallocation with reallocarray
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 52344
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52344&action=edit
Reduced reproducer
>From downstream report here:
https://bugzilla.redhat.com/show_bug.cgi?id=2047926#c0
Compiling the attachment with -fanalyzer gives:
<source>: In function 'main':
<source>:21:15: warning: 'foo' should have been deallocated with 'free' but was
deallocated with 'reallocarray' [CWE-762] [-Wanalyzer-mismatching-deallocation]
21 | new_foo = reallocarray(foo, 201, 200);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
'main': events 1-5
|
| 17 | foo = calloc(200, 200);
| | ^~~~~~~~~~~~~~~~
| | |
| | (1) allocated here (expects deallocation with 'free')
| 18 | if (!foo)
| | ~
| | |
| | (2) assuming 'foo' is non-NULL
| | (3) following 'false' branch (when 'foo' is non-NULL)...
|......
| 21 | new_foo = reallocarray(foo, 201, 200);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| | (5) deallocated with 'reallocarray' here; allocation
at (1) expects deallocation with 'free'
|
Compiler Explorer:
https://godbolt.org/z/K7xaxrfcs
Recent glibc headers declare reallocarray twice, with different attributes:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c1760eaf3b575ad174fd88b252fd16bd525fa818
