GCC static analyzer warnings

Milan Crha mcrha at redhat.com
Mon Apr 19 08:07:01 BST 2021


	Hello,
I just received a list of static analyzer warnings reported by GCC. I
wouldn't say it's anything urgent, thus it's no problem that it "missed"
the 3.0.10 release. The warnings are at the end of this message. My
comments on them:

Those from src/libicalvcal/vobject.c can eventually happen when the
machine is out of memory. I do not see a way to pass the out-of-memory
situation to the caller here (I know libical does it in some other
places).

src/libicalss/icalsslexer.c is a file generated by flex.

The memory leak at src/libicalss/icalcalendar.c:105 is valid. See the
attached patch.

The double frees at src/libical/icalmime.c:248 and
src/libical/icallangbind.c:263 are false positives, from my point of
view.

	Bye,
	Milan

1. Defect type: GCC_ANALYZER_WARNING 
1. libical-3.0.9/src/libicalvcal/vobject.c:1471:8: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 't'
#  1469|           u++; t++;
#  1470|           }
#  1471|->     *t = 0;
#  1472|       return s;
#  1473|   }

2. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libicalvcal/vobject.c:1468:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 't'
#  1466|               *t = '\r';
#  1467|           else
#  1468|->             *t = (char)*u;
#  1469|           u++; t++;
#  1470|           }

3. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libicalvcal/vobject.c:1466:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 't'
#  1464|               *t = '\n';
#  1465|           else if (*u == (wchar_t)0x2029)
#  1466|->             *t = '\r';
#  1467|           else
#  1468|               *t = (char)*u;

4. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libicalss/icalsslexer.c:0: scope_hint: In function 'ss_scan_buffer'
2. libical-3.0.9/src/libicalss/icalsslexer.c:1742:32: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
#  1740|                   buf[i] = yybytes[i];
#  1741|   
#  1742|->         buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
#  1743|   
#  1744|           b = ss_scan_buffer(buf,n );

5. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libicalss/icalsslexer.c:0: scope_hint: In function 'sspush_buffer_state'
2. libical-3.0.9/src/libicalss/icalsslexer.c:1597:34: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
17. libical-3.0.9/src/libicalss/icalsslexer.c:1585:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
20. libical-3.0.9/src/libicalss/icalsslexer.c:1594:13: note: in expansion of macro 'YY_CURRENT_BUFFER'
#  1595|                   (yy_buffer_stack_top)++;
#  1596|           /* coverity[var_deref_op] */
#  1597|->         YY_CURRENT_BUFFER_LVALUE = new_buffer;
#  1598|   
#  1599|           /* copied from ss_switch_to_buffer. */

6. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libicalss/icalcalendar.c:105:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
3. libical-3.0.9/src/libicalss/icalset.h:40: included_from: Included from here.
4. libical-3.0.9/src/libicalss/icalcalendar.h:26: included_from: Included from here.
5. libical-3.0.9/src/libicalss/icalcalendar.c:23: included_from: Included from here.
7. libical-3.0.9/src/libicalss/icalcalendar.c:90:5: note: in expansion of macro 'icalerror_check_arg_rz'
19. libical-3.0.9/src/libicalss/icalset.h:40: included_from: Included from here.
20. libical-3.0.9/src/libicalss/icalcalendar.h:26: included_from: Included from here.
21. libical-3.0.9/src/libicalss/icalcalendar.c:23: included_from: Included from here.
23. libical-3.0.9/src/libicalss/icalcalendar.c:64:5: note: in expansion of macro 'icalerror_check_arg_re'
#   103|   
#   104|       if (icalcalendar_create(impl) != ICAL_NO_ERROR) {
#   105|->         free(impl);
#   106|           return 0;
#   107|       }

7. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libical/icalmime.c:0: scope_hint: In function 'icalmime_parse'
2. libical-3.0.9/src/libical/icalmime.c:248:13: warning[-Wanalyzer-double-free]: double-'free' of 'mimeTypeCopy'
24. libical-3.0.9/src/libical/icalerror.h:25: included_from: Included from here.
25. libical-3.0.9/src/libical/icalmime.c:26: included_from: Included from here.
#   246|                   comp,
#   247|                   icalproperty_new_xlicmimecontenttype(mimeTypeCopy));
#   248|->             free(mimeTypeCopy);
#   249|           }
#   250|   

8. Defect type: GCC_ANALYZER_WARNING
1. libical-3.0.9/src/libical/icallangbind.c:263:9: warning[-Wanalyzer-double-free]: double-'free' of 'copy'
#   261|           APPENDS(v);
#   262|           APPENDC('\'');
#   263|->         free(copy);
#   264|       }
#   265|   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ical.patch
Type: text/x-patch
Size: 398 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/libical-devel/attachments/20210419/ebcb0dba/attachment.bin>
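
Added example, not part of the original message and not libical code: the conversion loop shown in defects 1-3 with the allocation check that -Wanalyzer-possible-null-dereference asks for. The names narrow_wide_string, alloc_fn and failing_alloc are hypothetical, and the sketch assumes callers can treat a NULL return as out-of-memory, which the message says is not obviously the case in vobject.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical: injectable allocator so the out-of-memory path can be tested. */
typedef void *(*alloc_fn)(size_t);

/* Allocator that always fails, modelling an exhausted heap. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Narrow a wide string to char, mapping U+2028 to '\n' and U+2029 to '\r'
 * as in the loop quoted in the report. Returns NULL on allocation failure
 * instead of writing through a possibly-NULL pointer. */
static char *narrow_wide_string(const wchar_t *u, alloc_fn alloc)
{
    size_t len = 0;
    char *s, *t;

    if (u == NULL) return NULL;
    while (u[len] != 0) len++;

    s = t = alloc(len + 1);
    if (s == NULL)              /* the guard missing on the flagged path */
        return NULL;

    while (*u) {
        if (*u == (wchar_t)0x2028)
            *t = '\n';
        else if (*u == (wchar_t)0x2029)
            *t = '\r';
        else
            *t = (char)*u;
        u++; t++;
    }
    *t = 0;
    return s;
}

int main(void)
{
    wchar_t in[] = { L'a', (wchar_t)0x2028, L'b', (wchar_t)0x2029, 0 };
    char *ok = narrow_wide_string(in, malloc);
    char *oom = narrow_wide_string(in, failing_alloc);
    printf("converted=%d oom_is_null=%d\n", ok != NULL, oom == NULL);
    int rc = (ok && strcmp(ok, "a\nb\r") == 0 && oom == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```

Building this with gcc -fanalyzer should not report a possible-NULL dereference for the loop, because every write through t is dominated by the NULL check.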