[Bug analyzer/106003] New: RFE: -fanalyzer could complain about misuse of file-descriptors

Thu Jun 16 15:21:25 GMT 2022

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003

            Bug ID: 106003
           Summary: RFE: -fanalyzer could complain about misuse of
                    file-descriptors
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

-fanalyzer could be extended to check POSIX file-descriptor APIs ("int" rather
than FILE *).

e.g.
- check for FD leaks
- check for double "close" of a FD (CWE-1341, I believe)
- check for read/write of a closed descriptor
- check for read/write of a descriptor opened for just writing/reading
etc

Immad Mir is looking at this for GSoC 2022.

Example of a "double file-descriptor close" bug:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351
albeit in C++.