[Dnsmasq-discuss] cache.c:1683:30: warning: pointer used after ‘free’
Simon Kelley
simon at thekelleys.org.uk
Fri Aug 12 17:46:14 UTC 2022
Interesting. I think this is a false positive, as the "use" is pointer
arithmetic to derive an integer offset, not a dereference. If you're
going to complain about using "buff" like that, you should equally
complain of using p, which is just the value of buff that's just been freed
incremented a few times.

This code just got changed by Petr's realloc patch, but as far as I can
see the same complaint still applies (or doesn't). Does your compiler
still complain?

Cheers,
Simon.
On 22/06/2022 09:23, Geert Stappers via Dnsmasq-discuss wrote:
>
>
> Hello,
>
>
> With GCC version 12.1 I do get:
>
> cc -Wall -W -O2 -DVERSION='"2.87test8-16-g770bce9"' -c cache.c
> cache.c: In function ‘cache_make_stat’:
> cache.c:1683:30: warning: pointer used after ‘free’ [-Wuse-after-free]
> 1683 | p = new + (p - buff);
> | ~~~^~~~~~~
> cache.c:1682:17: note: call to ‘free’ here
> 1682 | free(buff);
> | ^~~~~~~~~~
>
>
> Lines 1682 and 1683 in context:
>
> $ awk '{ print NR, $0 }' src/cache.c | sed --silent -e '1675,1689p'
> 1675 if (bytes_needed >= bytes_avail)
> 1676 {
> 1677 /* expand buffer if necessary */
> 1678 newlen = bytes_needed + 1 + bufflen - bytes_avail;
> 1679 if (!(new = whine_malloc(newlen)))
> 1680 return 0;
> 1681 memcpy(new, buff, bufflen);
> 1682 free(buff);
> 1683 p = new + (p - buff);
> 1684 lenp = p - 1;
> 1685 buff = new;
> 1686 bufflen = newlen;
> 1687 bytes_avail = bufflen - (p - buff );
> 1688 bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries);
> 1689 }
>
>
>
> Patch is work in progress.
>
>
>
> Groeten
> Geert Stappers
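
An added example, not part of the original thread or of dnsmasq's code: one way to write the buffer expansion quoted above so that the cursor offset is computed before the old buffer is freed, leaving no pointer use after `free()` for `-Wuse-after-free` to flag. The names `statbuf`, `grow_and_rebase`, `append_stat` and `demo` are hypothetical, plain `malloc` stands in for `whine_malloc`, and the sample address and counters are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct statbuf { char *buff, *p; size_t len; };  /* p: write cursor inside buff */

/* Hypothetical helper, not dnsmasq code. The cursor offset is taken while the
   old buffer is still live, so no freed pointer value is read after free(). */
static int grow_and_rebase(struct statbuf *s, size_t newlen) {
  size_t off = (size_t)(s->p - s->buff);  /* computed before free() */
  char *nbuf;
  if (newlen < s->len || !(nbuf = malloc(newlen)))
    return 0;                             /* old buffer and cursor stay valid */
  memcpy(nbuf, s->buff, s->len);
  free(s->buff);
  s->buff = nbuf;
  s->len = newlen;
  s->p = nbuf + off;                      /* rebased from the saved integer only */
  return 1;
}

/* Append "addr#port queries failed" at the cursor, expanding on truncation.
   Returns the cursor offset after the write, or -1 on failure. */
static long append_stat(struct statbuf *s, const char *addr, int port,
                        unsigned queries, unsigned failed) {
  size_t avail = s->len - (size_t)(s->p - s->buff);
  int needed = snprintf(s->p, avail, "%s#%d %u %u", addr, port, queries, failed);
  if (needed >= 0 && (size_t)needed >= avail) {
    if (!grow_and_rebase(s, (size_t)needed + 1 + s->len - avail))
      return -1;
    avail = s->len - (size_t)(s->p - s->buff);
    needed = snprintf(s->p, avail, "%s#%d %u %u", addr, port, queries, failed);
  }
  if (needed < 0) return -1;
  s->p += needed;
  return (long)(s->p - s->buff);
}

/* Constructed input: 8-byte buffer with a 2-byte prefix forces one expansion. */
static long demo(void) {
  struct statbuf s = { malloc(8), NULL, 8 };
  long end;
  if (!s.buff) return -1;
  memcpy(s.buff, "ab", 2);
  s.p = s.buff + 2;
  end = append_stat(&s, "192.0.2.1", 53, 10, 2);
  if (end >= 0 && strcmp(s.buff, "ab192.0.2.1#53 10 2") != 0) end = -1;
  free(s.buff);
  return end;
}
int main(void) { return demo() == 19 ? 0 : 1; }
```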