
variable argument list pointers aren't traced as allocation targets resulting in false positives for PULSE_UNINITIALIZED_VALUE and MEMORY_LEAK_C #1937

@grooverdan


When a function allocates a single memory block and assigns slices of it to the pointers passed through its variable argument list, that allocation isn't traced back to the caller.

x.c:

#include <stdarg.h>
#include <stdlib.h>

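/*
 * Allocate one heap block and hand out consecutive slices of it.
 *
 * After myFlags the caller passes (char **slot, size_t length) pairs and
 * MUST end the list with a null char ** (for example (char **) NULL).
 * Both loops stop only at that null pointer; without it va_arg reads
 * past the supplied arguments, which is undefined behavior.
 *
 * Each *slot is set to the start of its slice. Slices are packed back to
 * back with no alignment padding, so a caller that stores anything other
 * than bytes in a slice has to choose lengths that keep later slices
 * suitably aligned.
 *
 * myFlags only anchors the variable argument list in this listing.
 *
 * Returns the start of the block (the same address as the first slice),
 * which the caller releases with a single free(). Returns NULL, with no
 * slot written, when the summed lengths overflow size_t or malloc fails.
 */
void *ma_multi_malloc(int myFlags, ...)
{
  va_list args;
  char **slot;
  char *block, *cursor;
  size_t total = 0;

  /* Pass 1: add up the requested lengths. */
  va_start(args, myFlags);
  while (va_arg(args, char **))
  {
    size_t length = va_arg(args, size_t);

    /*
     * A wrapped sum would make malloc return a block smaller than the
     * slices handed out in pass 2, so refuse the request instead.
     */
    if (total + length < total)
    {
      va_end(args);
      return NULL;
    }
    total += length;
  }
  va_end(args);

  block = malloc(total);
  if (!block)
    return NULL;

  /* Pass 2: walk the same list again and point each slot at its slice. */
  va_start(args, myFlags);
  cursor = block;
  while ((slot = va_arg(args, char **)))
  {
    *slot = cursor;
    cursor += va_arg(args, size_t);
  }
  va_end(args);
  return block;
}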

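/*
 * Reproducer: v and u are assigned by ma_multi_malloc() through the
 * pointers passed in its variable argument list, then written and freed.
 *
 * The Infer report shown on this page quotes the call as originally
 * posted, without the list terminator or the return-value check.
 */
void test()
{
  char *v, *u;

  /*
   * ma_multi_malloc() reads (slot, length) pairs until it sees a null
   * char **, so the list has to end with one; otherwise va_arg runs past
   * the supplied arguments. A null return means nothing was assigned to
   * v or u, so they must not be dereferenced.
   */
  if (!ma_multi_malloc(0, &v, (size_t) 1, &u, (size_t) 3, (char **) NULL))
    return;

  *v='d';
  *u='o';

  /* v is the first slot, so it holds the block's start address; freeing
     it releases the whole block, including the slice u points into. */
  free(v);
}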
3/3 [################################################################################] 100% 52.5ms

/tmp/x.c:37: error: Memory Leak(MEMORY_LEAK_C)
  Memory dynamically allocated by `malloc`, indirectly via call to `ma_multi_malloc()` on line 37 is not freed after the last access at line 37, column 3. 
  35. {
  36.   char *v, *u;
  37.   ma_multi_malloc(0, &v, (size_t) 1, &u, (size_t) 3);
        ^
  38.   *v='d';
  39.   *u='o';

/tmp/x.c:38: error: Uninitialized Value(PULSE_UNINITIALIZED_VALUE)
  `v` is read without initialization. 
  36.   char *v, *u;
  37.   ma_multi_malloc(0, &v, (size_t) 1, &u, (size_t) 3);
  38.   *v='d';
         ^
  39.   *u='o';
  40.   free(v);  

/tmp/x.c:39: error: Uninitialized Value(PULSE_UNINITIALIZED_VALUE)
  `u` is read without initialization. 
  37.   ma_multi_malloc(0, &v, (size_t) 1, &u, (size_t) 3);
  38.   *v='d';
  39.   *u='o';
         ^
  40.   free(v);  
  41. }


Found 3 issues
                      Issue Type(ISSUED_TYPE_ID): #
  Uninitialized Value(PULSE_UNINITIALIZED_VALUE): 2
                      Memory Leak(MEMORY_LEAK_C): 1
$ infer --version
Infer version v1.2.0-49969b1487
