[Bug analyzer/95026] New: "leak of FILE" false positive [CWE-775] [-Wanalyzer-file-leak]
vincent-gcc at vinc17 dot net
gcc-bugzilla@gcc.gnu.org
Sat May 9 21:25:53 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95026
Bug ID: 95026
Summary: "leak of FILE" false positive [CWE-775] [-Wanalyzer-file-leak]
Product: gcc
Version: 10.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: vincent-gcc at vinc17 dot net
Target Milestone: ---
On the following program (obtained after simplifying Mutt's imap/message.c):

struct _IO_FILE;
typedef struct _IO_FILE FILE;
typedef struct _message
{
  FILE *fp;
} MESSAGE;
extern FILE *fopen (const char *__restrict __filename,
                    const char *__restrict __modes);
FILE *f (void);
int imap_fetch_message (int i, MESSAGE *msg, char *p)
{
  if ((msg->fp = i ? 0 : f ()))
    return 0;
  if (p)
    msg->fp = fopen (p, "r");
  return -1;
}

I get:

zira:~> gcc-10 -c -O2 -fanalyzer tst.i
In function ‘imap_fetch_message’:
tst.i:15:13: warning: leak of FILE ‘<unknown>’ [CWE-775] [-Wanalyzer-file-leak]
   15 |     msg->fp = fopen (p, "r");
      |     ~~~~~~~~^~~~~~~~~~~~~~~~
  ‘imap_fetch_message’: events 1-6
    |
    |   12 |   if ((msg->fp = i ? 0 : f ()))
    |      |      ^
    |      |      |
    |      |      (1) following ‘false’ branch...
    |   13 |     return 0;
    |   14 |   if (p)
    |      |      ~
    |      |      |
    |      |      (2) ...to here
    |      |      (3) following ‘true’ branch (when ‘p’ is non-NULL)...
    |   15 |     msg->fp = fopen (p, "r");
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |             | |
    |      |             | (4) ...to here
    |      |             | (5) opened here
    |      |             (6) ‘<unknown>’ leaks here; was opened at (5)
    |

Tested with: gcc-10 (Debian 10.1.0-1) 10.1.0
Note: if I replace the return value -1 by 0, then the warning disappears!
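
Added example (not part of the original report, and not GCC or Mutt code): the reproducer's function together with a caller that reads and closes the stream left in msg->fp on the -1 path, showing that the handle stays reachable through the out-parameter after the function returns. The f() stub, message_close(), demo_error_path() and the sample file name are assumptions made for this illustration.

```c
#include <stdio.h>

typedef struct _message
{
  FILE *fp;
} MESSAGE;

/* Assumption: stand-in for the report's undefined f(); it always fails. */
static FILE *f (void) { return NULL; }

/* Same control flow as the reproducer in the report. */
static int imap_fetch_message (int i, MESSAGE *msg, char *p)
{
  if ((msg->fp = i ? 0 : f ()))
    return 0;
  if (p)
    msg->fp = fopen (p, "r");
  return -1;
}

/* Hypothetical caller-side cleanup: closes whatever stream is stored in
   msg->fp.  Returns 1 if a stream was closed, 0 if there was none. */
static int message_close (MESSAGE *msg)
{
  if (!msg->fp)
    return 0;
  fclose (msg->fp);
  msg->fp = NULL;
  return 1;
}

/* Drives the "return -1" path against a constructed sample file.
   Returns 1 when the stream opened on that path could still be read and
   closed by the caller, 0 otherwise, -1 if the sample file cannot be made. */
int demo_error_path (void)
{
  char path[] = "pr95026_sample.txt";   /* constructed sample input */
  char buf[8] = "";
  MESSAGE msg = { NULL };
  FILE *w = fopen (path, "w");
  if (!w)
    return -1;
  fputs ("hello\n", w);
  fclose (w);
  int rc = imap_fetch_message (1, &msg, path);  /* i != 0, p != NULL */
  int readable = msg.fp && fgets (buf, sizeof buf, msg.fp) != NULL;
  int closed = message_close (&msg);
  remove (path);
  return (rc == -1 && readable && closed) ? 1 : 0;
}
```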