RFR: 8362889: [GCC static analyzer] leak in libstringPlatformChars.c [v2]
David Holmes
dholmes at openjdk.org
Tue Jul 22 05:53:30 UTC 2025
On Mon, 21 Jul 2025 15:38:36 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> test/jdk/java/lang/String/nativeEncoding/libstringPlatformChars.c line 74:
>>
>>> 72: (*env)->ReleasePrimitiveArrayCritical(env, bytes, (void*)jbytes, 0);
>>> 73:
>>> 74: jstring res = JNU_NewStringPlatform(env, str);
>>
>> At line 66: where it returns null, it seems like it should also be freeing `str`. (The analyzer didn't catch that?)
>
> It catches that too
>
> /jdk/test/jdk/java/lang/String/nativeEncoding/libstringPlatformChars.c:65:8: warning: leak of 'str' [CWE-401] [-Wanalyzer-malloc-leak]
> 65 | if (jbytes == NULL) {
>
>
> and also
>
>
> /jdk/test/jdk/java/lang/String/nativeEncoding/libstringPlatformChars.c:69:16: warning: dereference of possibly-NULL 'str' [CWE-690] [-Wanalyzer-possible-null-dereference]
> 69 | str[i] = (char)jbytes[i];
> | ~~~~~~~^~~~~~~~~~~~~~~~~
>
>
> I just overlooked it because a log of a full build with '-fanalyzer' enabled contains quite a lot of output (the event explanations of every finding are rather long).
Seems better to defer the `malloc` until after you know `jbytes` is not null; and also check the `malloc` result for null.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26415#discussion_r2221292734
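
The ordering suggested in the reply above (acquire the bytes first, allocate only after `jbytes` is known to be non-null, then check the `malloc` result), as an added example that is not code from the thread or from the JDK test. It builds without `jni.h`: `acquire_bytes`, `release_bytes`, `xmalloc`, `xfree` and `copy_bytes` are hypothetical stand-ins, with counters and failure switches so each error path can be checked for leaks.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for Get/ReleasePrimitiveArrayCritical and malloc/free,
 * with counters and failure switches so each error path can be exercised. */
static int pinned, live_allocs, fail_acquire, fail_alloc;

static const signed char *acquire_bytes(const signed char *array) {
    if (fail_acquire) return NULL;
    pinned++;
    return array;
}
static void release_bytes(const signed char *p) { (void)p; pinned--; }
static void *xmalloc(size_t n) {
    void *p = fail_alloc ? NULL : malloc(n);
    if (p != NULL) live_allocs++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { live_allocs--; free(p); } }

/* Returns a NUL-terminated copy that the caller must xfree, or NULL on failure. */
char *copy_bytes(const signed char *array, size_t len) {
    const signed char *jbytes = acquire_bytes(array);
    if (jbytes == NULL) {
        return NULL;                 /* nothing allocated yet, nothing to leak */
    }
    char *str = xmalloc(len + 1);    /* allocate only once jbytes is known good */
    if (str == NULL) {
        release_bytes(jbytes);       /* the acquired array must still be released */
        return NULL;
    }
    for (size_t i = 0; i < len; i++) {
        str[i] = (char)jbytes[i];
    }
    str[len] = '\0';
    release_bytes(jbytes);
    return str;
}

int main(void) {
    const signed char data[] = { 'a', 'b', 'c' };   /* constructed sample input */
    char *s = copy_bytes(data, sizeof data);
    printf("copy=%s pinned=%d live=%d\n", s ? s : "(null)", pinned, live_allocs);
    xfree(s);
    fail_acquire = 1;
    s = copy_bytes(data, sizeof data);
    printf("acquire fails: %s live=%d\n", s ? "copied" : "NULL", live_allocs);
    return 0;
}
```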