Memory cleaned up multiple times #1098

Open
mgovers opened this issue Oct 17, 2023 · 0 comments

mgovers commented Oct 17, 2023

Describe the bug
According to the Clang static analyzer, msgpack::zone calls ::free on memory that has been cleaned up before: https://clang.llvm.org/docs/analyzer/checkers.html#cplusplus-newdelete

Verified to be in msgpack-cxx version 6.1.0, but likely also present in all older versions starting with v1.

To Reproduce
Compile the following code using the Clang Analyzer:

  • I used clang-cl-16.0.5 + clang-tidy-16.0.5 on Windows
  • but I have been able to produce similar output on a non-minimal case using clang-15.0.7 + clang-tidy-15.0.7 on Ubuntu 22.04 (installed on GitHub Actions runner ubuntu-latest using brew)

#include <msgpack.hpp>

#include <memory>

namespace {
struct Foo {
    std::unique_ptr<msgpack::zone> zone;
};
} // namespace

int main() {
    Foo const foo{};
    return 0;
}

This results in the following output:

[build] "<...>/cmake.exe" -E __run_co_compile --tidy=clang-tidy.exe;--extra-arg=/EHsc;--extra-arg-before=--driver-mode=cl --source=<source_dir>/source.cpp -- <...>/clang-cl.exe  /nologo -TP  -imsvc<std_lib> /DWIN32 /D_WINDOWS /EHsc /Zi /Ob0 /Od /RTC1 -std:c++20 -MDd /showIncludes /Fo<build_dir>/test_tmp.cpp.obj /Fd<build_dir>\ -c -- <source_dir>/source.cpp
[build] <msgpack_dir>/include/msgpack/v1/detail/cpp11_zone.hpp:197:9: error: Attempt to free released memory [clang-analyzer-cplusplus.NewDelete,-warnings-as-errors]
[build]         ::free(p);
[build]         ^
[build] <source_dir>/source.cpp:15:12: note: Calling implicit destructor for 'Foo'
[build]     return 0;
[build]            ^
[build] <source_dir>/source.cpp:15:12: note: Calling '~unique_ptr'
[build] <std_lib>/memory:3289:13: note: Assuming field '_Myval2' is non-null
[build]         if (_Mypair._Myval2) {
[build]             ^~~~~~~~~~~~~~~
[build] <std_lib>/memory:3289:9: note: Taking true branch
[build]         if (_Mypair._Myval2) {
[build]         ^
[build] <std_lib>/memory:3290:13: note: Calling 'default_delete::operator()'
[build]             _Mypair._Get_first()(_Mypair._Myval2);
[build]             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[build] <std_lib>/memory:3180:9: note: Memory is released
[build]         delete _Ptr;
[build]         ^~~~~~~~~~~
[build] <std_lib>/memory:3180:9: note: Calling 'zone::operator delete'
[build]         delete _Ptr;
[build]         ^~~~~~~~~~~
[build] <msgpack_dir>/include/msgpack/v1/detail/cpp11_zone.hpp:197:9: note: Attempt to free released memory
[build]         ::free(p);
[build]         ^~~~~~~~~

Expected behavior
The above example compiles correctly.
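
A runtime cross-check for the path the analyzer reports above, as an added example that is not part of the original issue or of msgpack-c. `ZoneLike` and the `demo` names are hypothetical; the block assumes `msgpack::zone` pairs a malloc-backed `operator new` with the `::free`-backed `operator delete` shown in the trace, and it counts releases for both an allocated zone and the null `unique_ptr` of the reproducer.

```cpp
// Added example: ZoneLike is a hypothetical stand-in, not msgpack::zone itself.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <new>
#include <set>

namespace demo {
// Constructed bookkeeping: blocks handed out by ZoneLike::operator new and not yet freed.
std::set<void*>& live() { static std::set<void*> s; return s; }
int releases = 0;           // blocks passed to free() exactly once
int repeated_releases = 0;  // operator delete calls on a block that was already freed
struct ZoneLike {
    char payload[64];
    // Assumption: malloc-backed allocation, paired with the free() in the trace.
    static void* operator new(std::size_t size) {
        void* p = std::malloc(size);
        if (!p) throw std::bad_alloc();
        live().insert(p);
        return p;
    }
    static void operator delete(void* p) noexcept {
        if (!p) return;
        if (live().erase(p) == 0) { ++repeated_releases; return; }  // never free twice
        ++releases;
        std::free(p);
    }
};
struct Foo { std::unique_ptr<ZoneLike> zone; };  // same shape as the reproducer
struct Counts { int releases; int repeated; };

// Runs one Foo through its whole lifetime and reports what operator delete saw.
Counts run(bool allocate) {
    releases = repeated_releases = 0;
    {
        Foo foo{};  // zone starts out null, as in the reproducer
        if (allocate) foo.zone.reset(new ZoneLike);
    }               // ~Foo -> ~unique_ptr -> ZoneLike::operator delete (if non-null)
    return {releases, repeated_releases};
}
}  // namespace demo

int main() {
    for (bool allocate : {false, true}) {
        demo::Counts c = demo::run(allocate);
        std::printf("allocate=%d releases=%d repeated=%d\n", allocate, c.releases, c.repeated);
    }
}
```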
