https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109123

            Bug ID: 109123
           Summary: Bogus warning: pointer used after 'realloc'
                    -Wuse-after-free
           Product: gcc
           Version: 12.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: manu at gcc dot gnu.org
  Target Milestone: ---

```c
/* size_t and realloc are declared by hand rather than through a header
   (this looks like reduced preprocessed output -- confirm against the
   original translation unit). */
typedef long unsigned int size_t;
/* The alloc_size(2) attribute states that the second argument is the size of
   the returned block; warn_unused_result asks for a warning when the return
   value is discarded. */
extern void *realloc (void *__ptr, size_t __size)
     __attribute__ ((__nothrow__ , __leaf__)) __attribute__
((__warn_unused_result__)) __attribute__ ((__alloc_size__ (2)));
/* Growable array of double described by three pointers into one allocation:
   _begin is the start of the storage, _end is the slot the next push_back
   writes to, and _capacity is _begin plus the number of allocated elements. */
struct vector_objective; 
typedef struct vector_objective vector_objective;
struct vector_objective { double *_begin; double *_end; double *_capacity; };
/* Number of elements currently stored, computed as _end - _begin.
   The subtraction reads both pointer values, so it is only meaningful while
   _begin and _end refer to the same live allocation. This is the expression
   the -Wuse-after-free diagnostic in the report points at. */
static inline size_t vector_objective_size(const vector_objective * v) { 
    return v->_end - v->_begin; 
}
/* Number of elements the current allocation can hold, computed as
   _capacity - _begin. As with vector_objective_size, both pointers must
   refer to the same live allocation when this is evaluated. */
static inline size_t vector_objective_capacity(const vector_objective * v) {
    return v->_capacity - v->_begin;
}
/* Grow the storage so it can hold at least n doubles; does nothing when n
   does not exceed the current capacity. */
static inline void vector_objective_reserve(vector_objective * v, size_t n) {
    /* Both values are derived from the old pointers in source order BEFORE
       the realloc call below; only the resulting integers are used afterwards. */
    size_t old_capacity = vector_objective_capacity(v);
    size_t old_size = vector_objective_size(v);
    if (n > old_capacity) {
        /* NOTE(review): the realloc result overwrites v->_begin without a NULL
           check. On failure the original block stays allocated but its only
           pointer is lost, and _end/_capacity are then derived from NULL.
           sizeof(double) * n is also not checked for overflow. Tolerable in a
           reduced test case; production code should assign to a temporary,
           test it, and bound n first. */
        v->_begin = realloc(v->_begin, sizeof(double) * n);
        /* Rebuild the other two pointers from the new base and saved counts. */
        v->_end = v->_begin + old_size;
        v->_capacity = v->_begin + n;
    }
}
/* Append x to the vector, growing the storage first when it is full.
   Growth policy: 8 elements when the capacity is 0, otherwise double it. */
static inline void vector_objective_push_back(vector_objective * v, double x) {
    if (v->_end == v->_capacity)
        vector_objective_reserve (v, (vector_objective_capacity (v) == 0) ? 8 :
2 * vector_objective_capacity (v));
    /* The store goes through v->_end as recomputed by reserve.
       NOTE(review): reserve does not report allocation failure, so if its
       realloc returned NULL this write goes through an invalid pointer. */
    *(v->_end) = x;
    v->_end++;
}

/* Wrapper holding a single vector_objective by value; rectangle_add reaches
   the vector through a pointer to this struct. */
typedef struct {
    vector_objective xy;
} eaf_polygon_t;


/* Append lx to regions->xy and return 0 unconditionally.
   This is the non-inline entry point: the diagnostic in the report shows
   push_back, reserve and size all inlined into it. */
int
rectangle_add(eaf_polygon_t * regions, double lx)
{

    vector_objective_push_back(&regions->xy, lx);
    return 0;
}
```

Compiling this with -Wall -c -O2 produces:

In function 'vector_objective_size',
    inlined from 'vector_objective_reserve' at <source>:15:23,
    inlined from 'vector_objective_push_back' at <source>:24:9,
    inlined from 'rectangle_add' at <source>:38:5:
<source>:8:20: warning: pointer used after 'realloc' [-Wuse-after-free]
    8 |     return v->_end - v->_begin;
      |                    ^
In function 'vector_objective_reserve',
    inlined from 'vector_objective_push_back' at <source>:24:9,
    inlined from 'rectangle_add' at <source>:38:5:
<source>:17:21: note: call to 'realloc' here
   17 |         v->_begin = realloc(v->_begin, sizeof(double) * n);
      | 

But the use occurs before the realloc, not after it.
