warning use after free

[vtorri]

C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c: In function 'find_header':
C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c:306:59: warning: pointer 'ep' used after 'free' [-Wuse-after-free]
  306 |                         return reader->get_pos (id) - (ep - sp + 4);
      |                                                        ~~~^~~~
C:/Documents/msys2/home/vincent.torri/ewpi_64/share/ewpi/packages/libwavpack/wavpack-5.7.0/src/unpack_seek.c:305:25: note: call to 'free' here
  305 |                         free (buffer);
      |                         ^~~~~~~~~~~~~

i don't know if it's a false positive

[dbry]

Yes, it is a false positive. The pointers ep and sp are pointing into the buffer that is freed in line 305, and line 306 does reference the pointers, however it does not dereference the pointers. In other words, the difference of the pointers is just used to calculate a value. To be a true "use after free" the pointers would have to be used as pointers (i.e., an indirect read or write).

That said, it's easy enough to fix and I will push a commit to do so. For reference, what compiler / version generated this?

Thanks!

[vtorri]

I'm on Windows, MSYS2 + mingw-w64, gcc :

$ gcc --version
gcc.exe (Rev5, Built by MSYS2 project) 13.2.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.