[Bug analyzer/93032] analyzer fails to detect FILE * leak in zlib/contrib/minizip/mztools.c

cvs-commit at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Feb 24 23:32:00 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93032

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:b3d788a2cd35c734a683444c976abe14afc5c1c1

commit r10-6828-gb3d788a2cd35c734a683444c976abe14afc5c1c1
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Fri Feb 21 10:50:16 2020 -0500

    analyzer: disable the "taint" checker by default

    PR analyzer/93032 tracks a false negative where we fail to report
    FILE * leaks within zlib/contrib/minizip/mztools.c.

    The underlying issue is a combinatorial explosion of states within the
    exploded graph.  In particular, the state of the "taint" checker is
    exploding, leading to the analyzer bailing out.

    I have a patch kit under construction that fixes the state explosion
    issue enough for the "file" checker to report the leaks, but doing so
    requires disabling the "taint" checker.  Given that the latter is more
    of a proof-of-concept, this patch disables it by default, to stop it
    breaking the other checkers.

    gcc/analyzer/ChangeLog:
        PR analyzer/93032
        * sm.cc (make_checkers): Require the "taint" checker to be
        explicitly enabled.

    gcc/ChangeLog:
        PR analyzer/93032
        * doc/invoke.texi (-Wanalyzer-tainted-array-index): Note that
        -fanalyzer-checker=taint is also required.
        (-fanalyzer-checker=): Note that providing this option enables the
        given checker, and doing so may be required for checkers that are
        disabled by default.

    gcc/testsuite/ChangeLog:
        PR analyzer/93032
        * gcc.dg/analyzer/pr93382.c: Add "-fanalyzer-checker=taint".
        * gcc.dg/analyzer/taint-1.c: Likewise.

