On the following program tst.c

#include <stdlib.h>

void *f (void)
{
  void *p = malloc (8);
  if (p == NULL)
    abort ();
  return (void *) ((char *) p + 0);
}

void *g (void)
{
  void *p = malloc (8);
  if (p == NULL)
    abort ();
  return (void *) ((char *) p + 1);
}

I get:

cventin:~> gcc -c -fanalyzer tst.c
tst.c: In function ‘g’:
tst.c:16:10: warning: leak of ‘p’ [CWE-401] [-Wanalyzer-malloc-leak]
   16 |   return (void *) ((char *) p + 1);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~
  ‘g’: events 1-5
    |
    |   13 |   void *p = malloc (8);
    |      |             ^~~~~~~~~~
    |      |             |
    |      |             (1) allocated here
    |   14 |   if (p == NULL)
    |      |      ~
    |      |      |
    |      |      (2) assuming ‘p’ is non-NULL
    |      |      (3) following ‘false’ branch (when ‘p’ is non-NULL)...
    |   15 |     abort ();
    |   16 |   return (void *) ((char *) p + 1);
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |          |
    |      |          (4) ...to here
    |      |          (5) ‘p’ leaks here; was allocated at (1)
    |

(MPFR has something similar in its talloc-cache.c test in order to test the behavior of memory allocators, implemented in this test program as wrappers around malloc).

Tested with gcc (GCC) 11.0.0 20201028 (experimental), based on commit c25d317cf7d4ea8df0402feb939ce286e5f42988.
Thanks for filing this bug. Confirmed. Am testing a fix.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:1a9af271275f4893e28c789c8f1964025694eda1

commit r11-4510-g1a9af271275f4893e28c789c8f1964025694eda1
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Oct 28 20:10:39 2020 -0400

    analyzer: fix false leak diagnostic on offsets from malloc [PR97608]

    gcc/analyzer/ChangeLog:
            PR analyzer/97608
            * region-model-reachability.cc (reachable_regions::handle_sval):
            Operands of reachable reversible operations are reachable.

    gcc/testsuite/ChangeLog:
            PR analyzer/97608
            * gcc.dg/analyzer/malloc-1.c (test_42d): New.
            * gcc.dg/analyzer/pr97608.c: New test.
Should be fixed by the above commit.
Thanks. There's no longer any issue when testing GNU MPFR.
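Added example, not part of the bug thread and not code from GCC or MPFR: a malloc wrapper pair that hands out pointers of the same shape as g() in the report (malloc's result plus a constant) and frees them by reversing the offset, which is why such a return is not a leak. The names wrap_alloc, wrap_size, wrap_free, HDR_SIZE and live_blocks are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper names and header layout, constructed for this example. */
#define HDR_SIZE 16u        /* constant offset added to malloc's pointer */
static size_t live_blocks;  /* blocks handed out and not yet released */

/* Allocate SIZE usable bytes; only the offset pointer leaves the function. */
void *wrap_alloc (size_t size)
{
  unsigned char *base;
  if (size > SIZE_MAX - HDR_SIZE)
    return NULL;  /* HDR_SIZE + size would wrap around */
  base = malloc (HDR_SIZE + size);
  if (base == NULL)
    return NULL;
  memcpy (base, &size, sizeof size);  /* bookkeeping sits before the user data */
  live_blocks++;
  return base + HDR_SIZE;  /* same shape as g() in the report: p + constant */
}

/* Read back the size recorded in the header of a wrap_alloc pointer. */
size_t wrap_size (const void *user)
{
  size_t size;
  memcpy (&size, (const unsigned char *) user - HDR_SIZE, sizeof size);
  return size;
}

/* Reverse the offset to recover malloc's pointer, then free it. */
void wrap_free (void *user)
{
  if (user == NULL)
    return;
  free ((unsigned char *) user - HDR_SIZE);
  live_blocks--;
}

int main (void)
{
  void *u = wrap_alloc (8);
  if (u == NULL)
    abort ();
  printf ("size=%zu live=%zu\n", wrap_size (u), live_blocks);
  wrap_free (u);
  return live_blocks == 0 ? 0 : 1;
}
```

Passing malloc's original pointer, or any pointer not obtained from wrap_alloc, to wrap_free or wrap_size is undefined behaviour, since both assume the HDR_SIZE offset.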