[cfe-dev] Static analyzer: possible memory leak false positive?

Erik Cederstrand erik at cederstrand.dk
Thu Sep 27 04:21:10 PDT 2012


On 14/09/2012 at 21.15, Eitan Adler <lists at eitanadler.com> wrote:

> On 14 September 2012 13:54, Anna Zaks <ganna at apple.com> wrote:
>> I think it is reasonable to expect the analyzer not to warn in this particular case.
> 
> FWIW, I plan to fix this case. But, it would be nice to differentiate
> the output from a legitimate one.

It turns out it was a bit more complicated than this. The memory pointed to by mntbuf is allocated by getmntinfo() from FreeBSD libc (original report: http://scan.freebsd.your.org/freebsd-head/bin.df/2012-09-12-amd64/report-WwB2qk.html#EndPath). The man page for this function says: "The memory allocated by getmntinfo() cannot be free(3)'d by the application." (http://www.freebsd.org/cgi/man.cgi?query=getmntinfo).

I believe the reason for this is that the memory is shared between calls: http://fxr.watson.org/fxr/source/gen/getmntinfo.c?v=FREEBSD-LIBC

In this specific case, it should be OK to free the memory anyway since malloc'ed memory only lives for the duration of the application, but someone on the FreeBSD list pointed out that an alternative libc implementation might instead implement getmntinfo() with file-backed mmap, in which case we can't free it.

I'm uncertain how to proceed here, so I'd like an opinion :-)

Thanks,
Erik
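The shared-buffer ownership described above, modelled in an added C example (this is not FreeBSD libc's getmntinfo() and not code from this thread); `get_mount_info`, `struct mount_entry` and the sample mount names are assumptions standing in for the real API, and the static-buffer-with-realloc shape follows the libc source linked above:

```c
/* Added example (not FreeBSD libc, not the original poster's code): a
 * minimal model of a getmntinfo()-style API that hands out a library-owned,
 * static buffer reused across calls, showing why the caller must not free()
 * it even though a leak checker sees a heap block that is never freed. */
#include <stdlib.h>
#include <string.h>

struct mount_entry { char name[32]; };  /* stand-in for struct statfs */

/* Constructed sample data; in the real API the kernel supplies the list. */
static const char *sample_mounts[] = { "/", "/usr", "/home" };

/* Library-owned buffer, kept between calls and grown with realloc as
 * needed. Returns the entry count, or 0 on allocation failure. */
int get_mount_info(struct mount_entry **out)
{
    static struct mount_entry *mntbuf = NULL;  /* persists across calls */
    static int bufcount = 0;
    int n = (int)(sizeof sample_mounts / sizeof sample_mounts[0]);

    if (n > bufcount) {
        struct mount_entry *p = realloc(mntbuf, (size_t)n * sizeof *p);
        if (p == NULL)
            return 0;
        mntbuf = p;
        bufcount = n;
    }
    for (int i = 0; i < n; i++) {
        strncpy(mntbuf[i].name, sample_mounts[i], sizeof mntbuf[i].name - 1);
        mntbuf[i].name[sizeof mntbuf[i].name - 1] = '\0';
    }
    *out = mntbuf;
    return n;
}

/* Correct caller: read the entries, never free() them. A second call hands
 * back the same block; had the first caller freed it, the library would
 * reuse (and realloc from) a dangling pointer on the next call. */
int count_root_mounts(void)
{
    struct mount_entry *first, *second;
    int n = get_mount_info(&first);
    int m = get_mount_info(&second);
    if (n == 0 || m == 0 || first != second)
        return -1;                 /* buffer must be stable across calls */
    int root = 0;
    for (int i = 0; i < n; i++)
        if (strcmp(first[i].name, "/") == 0)
            root++;
    return root;                   /* 1 for the constructed sample data */
}
```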
