Page MenuHomeFreeBSD

libcasper: Neuter false positive -Wuse-after-free warnings from GCC 13
ClosedPublic

Authored by jhb on Nov 13 2023, 10:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 31, 4:45 AM
Unknown Object (File)
Nov 30 2024, 7:09 PM
Unknown Object (File)
Oct 27 2024, 6:05 AM
Unknown Object (File)
Oct 17 2024, 6:39 AM
Unknown Object (File)
Sep 24 2024, 8:37 AM
Unknown Object (File)
Sep 17 2024, 9:40 AM
Unknown Object (File)
Sep 16 2024, 1:08 AM
Unknown Object (File)
Sep 11 2024, 1:35 PM
Subscribers

Details

Summary

GCC 13 incorrectly thinks a call to free after a failed realloc is a
use after free.

lib/libcasper/services/cap_grp/cap_grp.c: In function 'group_resize':
lib/libcasper/services/cap_grp/cap_grp.c:65:17: error: pointer 'buf' may be used after 'realloc' [-Werror=use-after-free]

65 |                 free(buf);
   |                 ^~~~~~~~~

lib/libcasper/services/cap_grp/cap_grp.c:63:19: note: call to 'realloc' here

63 |         gbuffer = realloc(buf, gbufsize);
   |                   ^~~~~~~~~~~~~~~~~~~~~~

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 54400
Build 51290: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Nov 13 2023, 10:29 PM
This revision is now accepted and ready to land.Nov 13 2023, 11:16 PM

I thought this is becoming UB behavior...
But for our implementation it's well defined.

In D42576#971550, @imp wrote:

I thought this is becoming UB behavior...
But for our implementation it's well defined.

If realloc fails and returns NULL, the original pointer is always valid, that's how realloc is defined in C. There is some discussion about making realloc() with a new size of 0 as UB to permit varying implementations, but that isn't relevant here.

In D42576#971578, @jhb wrote:
In D42576#971550, @imp wrote:

I thought this is becoming UB behavior...
But for our implementation it's well defined.

If realloc fails and returns NULL, the original pointer is always valid, that's how realloc is defined in C. There is some discussion about making realloc() with a new size of 0 as UB to permit varying implementations, but that isn't relevant here.

realloc(p, 0) is slated to be undefined behavior in C23. You are correct... I thought wrong. This all looks good.