[Bug middle-end/98989] missing -Wfree-nonheap-object freeing std::strings over 15 bytes long

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Sun Feb 7 22:44:03 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98989

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The reason the invalid call isn't diagnosed is because the allocation call is
"hidden" behind the call to std::__cxx11::basic_string<char>::_M_create(), and
_M_create isn't annotated as an allocation function (with attribute malloc).

In this case, though, the optimized IL shows that besides free() the function
also calls operator delete() on the same pointer.  That's almost certainly
wrong regardless of the control flow and so the warning could trigger simply on
that basis.

Annotating _M_create() shouldn't be necessary.

;; Function f (_Z1fv, funcdef_no=1194, decl_uid=32383, cgraph_uid=317,
symbol_order=347)

Removing basic block 5
void f ()
{
  size_type __dnew;
  struct string str;
  char * _7;
  char * _9;
  long unsigned int _11;
  long unsigned int _12;
  char * _19;
  long unsigned int __dnew.6_20;
  long unsigned int __dnew.7_22;
  char * _23;
  char * _24;

  <bb 2> [local count: 1073741824]:
  MEM[(struct basic_string *)&str] ={v} {CLOBBER};
  MEM[(struct _Alloc_hider *)&str] ={v} {CLOBBER};
  MEM[(struct _Alloc_hider *)&str]._M_p = &str.D.24447._M_local_buf;
  __dnew = 16;
  _19 = std::__cxx11::basic_string<char>::_M_create (&str, &__dnew, 0);
  str._M_dataplus._M_p = _19;
  __dnew.6_20 = __dnew;
  str.D.24447._M_allocated_capacity = __dnew.6_20;
  __builtin_memcpy (_19, "abcdefghijklmnop", 16);
  __dnew.7_22 = __dnew;
  str._M_string_length = __dnew.7_22;
  _23 = str._M_dataplus._M_p;
  _24 = _23 + __dnew.7_22;
  MEM[(char_type &)_24] = 0;
  __dnew ={v} {CLOBBER};
  _7 = str._M_dataplus._M_p;
  free (_7);
  _9 = str._M_dataplus._M_p;
  if (&str.D.24447._M_local_buf != _9)
    goto <bb 3>; [53.47%]
  else
    goto <bb 4>; [46.53%]

  <bb 3> [local count: 574129753]:
  _11 = str.D.24447._M_allocated_capacity;
  _12 = _11 + 1;
  operator delete (_9, _12);

  <bb 4> [local count: 1073741824]:
  str ={v} {CLOBBER};
  str ={v} {CLOBBER};
  return;

}
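As an added example, not part of the bug report or of libstdc++: a small program that shows the small-string boundary behind the report's title (15 characters in libstdc++, which is assumed to be the library in use; other implementations use a different limit) and a safe way to hand a std::string's contents to a C interface that will free() them.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>

// Added example (not from the bug report). Tells whether a std::string keeps
// its characters in the small-string buffer inside the object or in a
// separately allocated block. With libstdc++ the local buffer holds up to
// 15 chars; free() on such a pointer is a free of a non-heap object, while
// free() on a longer string's pointer releases the block that _M_create()
// allocated, which the destructor then passes to operator delete as well.
bool isLocallyStored(const std::string& s) {
    const std::uintptr_t begin = reinterpret_cast<std::uintptr_t>(&s);
    const std::uintptr_t end = begin + sizeof(s);
    const std::uintptr_t data = reinterpret_cast<std::uintptr_t>(s.data());
    return data >= begin && data < end;
}

// Smallest length that forces a heap allocation (16 with libstdc++).
std::size_t ssoBoundary() {
    for (std::size_t n = 0; n < 256; ++n) {
        if (!isLocallyStored(std::string(n, 'x'))) return n;
    }
    return 256;
}

// The pattern the report describes, kept as a comment so it never runs:
//   void broken(std::string str) { free(const_cast<char*>(str.data())); }
// The string owns that pointer; free() must not be applied to it at all.

// Safe pattern: a C interface that will free() the buffer gets its own copy,
// allocated with malloc so that free() is the matching deallocator and the
// std::string destructor still releases only what it allocated.
char* copyForCApi(const std::string& s) {
    char* p = static_cast<char*>(std::malloc(s.size() + 1));
    if (p != nullptr) std::memcpy(p, s.c_str(), s.size() + 1);
    return p;
}
```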

