[splint-discuss] incomplete deallocation

[Greg White]

> From: brian.quinlan at iolfree.ie
> 
>> Hi again,
>> 
>> I do the following in my code:
>> 
>>   n = malloc(sizeof(nk_hdr));
>>   if (n == NULL) {
>>     (void)snprintf(error, 50, "can't allocate memory for n\n");
>>     return -1;
>>   }
>>   memset(n, 0, sizeof(n));
>> 
>> nkhdr looks like:
>> typedef struct _nk_hdr {
>>   short int    name_len;
>>   short int    classname_len;
>>   unsigned char    *key_name; 
>> } nk_hdr;
>> 
>> when I do a free(n); 
>> splint says:
>> Only storage n->key_name (type unsigned char *) derived from
>>                     released storage is not released (memory leak): n
>>   A storage leak due to incomplete deallocation of a structure or deep pointer
>>   is suspected. Unshared storage that is reachable from a reference that is
>>   being deallocated has not yet been deallocated. Splint assumes when an object
>>   is passed as an out only void pointer that the outer object will be
>>   deallocated, but the inner objects will not. (Use -compdestroy to inhibit
>>   warning)
>> 
>> What did I do wrong?
>> 
> The problem is that the key_name pointer is not annotated, so it
> defaults to "only" storage, i.e., splint assumes that key_name has the
> only reference to the memory. For splint this means that when n is
> freed, the program loses the only reference to the memory pointed to by
> key_name, i.e., a memory leak. See the Memory Management section of
> Appendix C of the manual for a list of relevant annotations.

Thanks.  I used /*@dependent@*/ on key_name and splint stopped
warning and the program still works.

I must say the manual could use a little work.  For example it gives
examples of bad code, but it never shows you the good version of
the bad code.

Thanks again,


_________________________________________________________________
Color coding for safety: Windows Live Hotmail alerts you to suspicious email.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_safety_112008