dbry / WavPack

WavPack encode/decode library, command-line programs, and several plugins

warning use after free

vtorri opened this issue

C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c: In function 'find_header':
C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c:306:59: warning: pointer 'ep' used after 'free' [-Wuse-after-free]
  306 |                         return reader->get_pos (id) - (ep - sp + 4);
      |                                                        ~~~^~~~
C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c:305:25: note: call to 'free' here
  305 |                         free (buffer);
      |                         ^~~~~~~~~~~~~

I don't know if it's a false positive.

Yes, it is a false positive. The pointers ep and sp are pointing into the buffer that is freed in line 305, and line 306 does reference the pointers; however, it does not dereference the pointers. In other words, the difference of the pointers is just used to calculate a value. To be a true "use after free" the pointers would have to be used as pointers (i.e., an indirect read or write).

That said, it's easy enough to fix and I will push a commit to do so. For reference, what compiler / version generated this?

Thanks!

I'm on Windows, MSYS2 + mingw-w64, gcc:

$ gcc --version
gcc.exe (Rev5, Built by MSYS2 project) 13.2.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
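
The pattern discussed in this thread, as an added example (it is not WavPack's code and not the commit the maintainer pushed): a marker search that takes the pointer difference while the buffer is still allocated, then frees it. `mem_stream`, `ms_read` and `find_marker` are hypothetical names, and the in-memory stream stands in for a file reader.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory stream standing in for a file reader. */
typedef struct { const unsigned char *data; size_t len, pos; } mem_stream;

static size_t ms_read(mem_stream *s, void *dst, size_t n) {
    size_t left = s->len - s->pos;
    if (n > left) n = left;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Read up to `chunk` bytes and return the stream offset of the first
 * 4-byte marker found in them, or -1 if it is absent. */
int64_t find_marker(mem_stream *s, const char marker[4], size_t chunk) {
    unsigned char *buffer = malloc(chunk);
    if (!buffer) return -1;

    size_t got = ms_read(s, buffer, chunk);
    unsigned char *sp = buffer, *ep = buffer + got;

    for (; (size_t)(ep - sp) >= 4; sp++) {
        if (memcmp(sp, marker, 4) == 0) {
            /* Shape the compiler flags:
             *     free(buffer);
             *     return pos - (ep - sp);
             * sp and ep are not dereferenced there, but their values are
             * indeterminate once the buffer is freed (C11 6.2.4p2).
             * Taking the integer distance first gives the same result
             * with no pointer touched after free(). */
            ptrdiff_t back = ep - sp;   /* bytes from marker to end of read */
            free(buffer);
            return (int64_t)s->pos - (int64_t)back;
        }
    }
    free(buffer);
    return -1;
}
```
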