[cfe-dev] Static analyzer: possible memory leak false positive?

Anna Zaks ganna at apple.com
Thu Sep 27 23:51:00 PDT 2012


The analyzer specifically complains about memory allocated by malloc here:
		/* just the filesystems specified on the command line */
		mntbuf = malloc(argc * sizeof(*mntbuf));

So the call to free could be conditioned on the value of "!*argv" as well.

On Sep 27, 2012, at 4:21 AM, Erik Cederstrand wrote:

> Den 14/09/2012 kl. 21.15 skrev Eitan Adler <lists at eitanadler.com>:
>> On 14 September 2012 13:54, Anna Zaks <ganna at apple.com> wrote:
>>> I think it is reasonable to expect the analyzer not to warn in this particular case.
>> FWIW, I plan to fix this case. But, it would be nice to differentiate
>> the output from a legitimate one.
> It turns out it was a bit more complicated than this. The memory pointed to by mntbuf is allocated by getmntinfo() from FreeBSD libc (original report: http://scan.freebsd.your.org/freebsd-head/bin.df/2012-09-12-amd64/report-WwB2qk.html#EndPath). The man page for this function says: "The memory allocated by getmntinfo() cannot be free(3)'d by the application." (http://www.freebsd.org/cgi/man.cgi?query=getmntinfo).
> I believe the reason for this is that the memory is shared between calls: http://fxr.watson.org/fxr/source/gen/getmntinfo.c?v=FREEBSD-LIBC
> In this specific case, it should be OK to free the memory anyway since malloc'ed memory only lives for the duration of the application, but someone on the FreeBSD list pointed out that an alternative libc implementation might instead implement getmntinfo() with file-backed mmap, in which case we can't free it.
> I'm uncertain how to proceed here, so I'd like an opinion :-)
> Thanks,
> Erik
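The pattern under discussion, as an added, constructed illustration rather than code from df, FreeBSD libc, or anyone in this thread: one buffer pointer that is either library-owned (the getmntinfo() case) or malloc'ed by the caller (the command-line case), with the free() taken under the same condition as the malloc(). The struct, the "shared table", fake_getmntinfo() and lookup_mount() are stand-ins invented here so the example runs on its own; the real getmntinfo() and struct statfs look different.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct statfs; only the mount point is modelled. */
struct mntent_like {
    char mntonname[32];
};

/* Constructed stand-in for the storage getmntinfo() hands back: owned by
 * the "library" and reused across calls, so the caller must never free() it. */
static struct mntent_like shared_mnt_table[] = {
    { "/" }, { "/usr" }, { "/home" },
};
#define SHARED_MNT_COUNT (sizeof shared_mnt_table / sizeof shared_mnt_table[0])

/* Stand-in for getmntinfo(): returns the entry count and points *mntbufp
 * at library-owned memory. */
static int fake_getmntinfo(struct mntent_like **mntbufp)
{
    *mntbufp = shared_mnt_table;
    return (int)SHARED_MNT_COUNT;
}

/* Stand-in for the per-argument lookup: copy the matching entry into *out,
 * or return -1 if the path is not a known mount point. */
static int lookup_mount(const char *path, struct mntent_like *out)
{
    for (size_t i = 0; i < SHARED_MNT_COUNT; i++) {
        if (strcmp(shared_mnt_table[i].mntonname, path) == 0) {
            *out = shared_mnt_table[i];
            return 0;
        }
    }
    return -1;
}

/* Models the shape of the main loop. With no arguments, mntbuf aliases
 * library-owned storage; with arguments it is malloc'ed here. Ownership is
 * recorded in `owned` at the point of allocation and free() is guarded by
 * that same flag, so the malloc branch does not leak and the getmntinfo
 * branch never frees memory it does not own. Returns the number of entries
 * reported, or -1 if malloc fails. */
int count_mounts(int argc, char **argv)
{
    struct mntent_like *mntbuf;
    int mntsize;
    int owned = 0;

    if (argc <= 0 || *argv == NULL) {
        /* everything: library-owned buffer, must not be freed */
        mntsize = fake_getmntinfo(&mntbuf);
    } else {
        /* just the filesystems specified on the command line */
        mntbuf = malloc((size_t)argc * sizeof(*mntbuf));
        if (mntbuf == NULL)
            return -1;
        owned = 1;
        mntsize = 0;
        /* bounded by argc so a mismatched argv cannot overrun mntbuf */
        for (int i = 0; i < argc && argv[i] != NULL; i++) {
            if (lookup_mount(argv[i], &mntbuf[mntsize]) == 0)
                mntsize++;
            else
                fprintf(stderr, "%s: not a mount point\n", argv[i]);
        }
    }

    for (int i = 0; i < mntsize; i++)
        printf("%s\n", mntbuf[i].mntonname);

    /* An unconditional free(mntbuf) here would silence the leak report for
     * the malloc branch but free library memory in the other branch. */
    if (owned)
        free(mntbuf);
    return mntsize;
}

int main(int argc, char **argv)
{
    return count_mounts(argc - 1, argv + 1) < 0 ? 1 : 0;
}
```

Guarding the free() with `!*argv`, as suggested above, is the same idea; keeping the decision in a flag set next to the malloc() makes the ownership explicit and stays correct even if later code advances or clobbers argv before the free() is reached.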
