[Bug analyzer/118500] no diagnostics with strsep(3) and [[gnu::malloc(free)]] attribute

alx at kernel dot org via Gcc-bugs Wed, 15 Jan 2025 14:21:04 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118500


--- Comment #4 from Alejandro Colomar <alx at kernel dot org> ---
(In reply to Andrew Pinski from comment #1)
> I think this need analyzer to handle really.

We get a -Wfree-nonheap-object if I change the strsep(3) call by s++.

I think we should treat any call that gets the address of the pointer
(non-const) as potentially (most likely) modifying it, and thus trigger a
warning.


alx@devuan:~/tmp/gcc$ cat strsep3.c 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

[[gnu::malloc(free)]]
char *my_strdup(const char *s)
{
        return strdup(s);
}

[[gnu::noipa]]
int
g(void)
{
        char *s;

        s = my_strdup("f,oo");
        if (s == NULL)
                return -1;

        s++; //strsep(&s, ",");
        puts(s);
        free(s);
        return 0;
}

int
main(void)
{
        return g();
}
alx@devuan:~/tmp/gcc$ gcc-15 -Wall -Wextra -O3 strsep3.c 
strsep3.c: In function ‘g’:
strsep3.c:23:9: warning: ‘free’ called on pointer ‘<unknown>’ with nonzero
offset 1 [-Wfree-nonheap-object]
   23 |         free(s);
      |         ^~~~~~~
In function ‘my_strdup’,
    inlined from ‘g’ at strsep3.c:17:6:
strsep3.c:8:16: note: returned from ‘strdup’
    8 |         return strdup(s);
      |                ^~~~~~~~~

[Bug analyzer/118500] no diagnostics with strsep(3) and [[gnu::malloc(free)]] attribute

Reply via email to