Description of problem: As mentioned in $SUBJ, our systemd builds in Rawhide started recently (https://github.com/systemd/systemd/issues/22215) failing with: ``` In file included from ../src/basic/macro.h:12, from ../src/basic/time-util.h:19, from ../src/shared/ask-password-api.h:6, from ../src/shared/pkcs11-util.c:5: In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:83: ../src/fundamental/macro-fundamental.h:284:17: error: pointer ‘id_384’ used after ‘free’ [-Werror=use-after-free] 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:95: ../src/fundamental/macro-fundamental.h:284:17: note: call to ‘free’ here 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:56: ../src/fundamental/macro-fundamental.h:284:17: error: pointer ‘token_uri_escaped_380’ used after ‘free’ [-Werror=use-after-free] 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:95: ../src/fundamental/macro-fundamental.h:284:17: note: call to ‘free’ here 284 | free(memory); \ | ^~~~~~~~~~~~ cc1: all warnings being treated as errors ``` After a closer look the culprit seems to be `-ffat-lto-objects` - without it the issue disappears. Version-Release number of selected component (if applicable): gcc-12.0.1-0.2.fc36.x86_64 Steps to Reproduce: # dnf builddep -y systemd # git clone https://github.com/systemd/systemd -depth 1 # cd systemd # CFLAGS="-O2 -flto=auto -ffat-lto-objects" meson build --werror # ninja -C build Actual results: # ninja -C build ninja: Entering directory `build' [416/1999] Compiling C object src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o FAILED: src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o cc -Isrc/shared/libsystemd-shared-250.a.p -Isrc/shared -I../src/shared -Isrc/basic -I../src/basic -Isrc/fundamental -I../src/fundamental -Isrc/systemd -I../src/systemd -I. -I.. -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-journal -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -I/usr/include/blkid -I/usr/include/libmount -I/usr/include/p11-kit-1 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=gnu99 -g -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -Werror=missing-declarations -Werror=missing-prototypes -fdiagnostics-show-option -fno-common -fno-strict-aliasing -fstack-protector -fstack-protector-strong -fvisibility=hidden --param=ssp-buffer-size=4 -Werror=shadow -include config.h -O2 -flto=auto -ffat-lto-objects -fPIC -pthread -fvisibility=default -MD -MQ src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o -MF src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o.d -o src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o -c ../src/shared/pkcs11-util.c In file included from ../src/basic/macro.h:12, from ../src/basic/time-util.h:19, from ../src/shared/ask-password-api.h:6, from ../src/shared/pkcs11-util.c:5: In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:83: ../src/fundamental/macro-fundamental.h:284:17: error: pointer ‘id_239’ used after ‘free’ [-Werror=use-after-free] 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:95: ../src/fundamental/macro-fundamental.h:284:17: note: call to ‘free’ here 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:56: ../src/fundamental/macro-fundamental.h:284:17: error: pointer ‘token_uri_escaped_237’ used after ‘free’ [-Werror=use-after-free] 284 | free(memory); \ | ^~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:95: ../src/fundamental/macro-fundamental.h:284:17: note: call to ‘free’ here 284 | free(memory); \ | ^~~~~~~~~~~~ cc1: all warnings being treated as errors [425/1999] Compiling C object src/udev/libudev-core.a.p/udev-rules.c.o ninja: build stopped: subcommand failed. Additional info: # cd build # cc -Isrc/shared/libsystemd-shared-250.a.p -Isrc/shared -I../src/shared -Isrc/basic -I../src/basic -Isrc/fundamental -I../src/fundamental -Isrc/systemd -I../src/systemd -I. -I.. -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-journal -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -I/usr/include/blkid -I/usr/include/libmount -I/usr/include/p11-kit-1 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=gnu99 -g -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -Werror=missing-declarations -Werror=missing-prototypes -fdiagnostics-show-option -fno-common -fno-strict-aliasing -fstack-protector -fstack-protector-strong -fvisibility=hidden --param=ssp-buffer-size=4 -Werror=shadow -include config.h -O2 -flto=auto -ffat-lto-objects -fPIC -pthread -fvisibility=default -MD -MQ src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o -MF src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o.d -o src/shared/libsystemd-shared-250.a.p/pkcs11-util.c.o -c ../src/shared/pkcs11-util.c -save-temps In file included from ../src/basic/string-util.h:8, from ../src/basic/escape.h:10, from ../src/shared/pkcs11-util.c:7: In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:82: ../src/basic/alloc-util.h:90:25: error: pointer ‘id_239’ used after ‘free’ [-Werror=use-after-free] 90 | *(void**)p = mfree(*(void**) p); | ^~~~~~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:94: ../src/basic/alloc-util.h:90:25: note: call to ‘free’ here 90 | *(void**)p = mfree(*(void**) p); | ^~~~~~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:55: ../src/basic/alloc-util.h:90:25: error: pointer ‘token_uri_escaped_237’ used after ‘free’ [-Werror=use-after-free] 90 | *(void**)p = mfree(*(void**) p); | ^~~~~~~~~~~~~~~~ In function ‘freep’, inlined from ‘pkcs11_token_login’ at ../src/shared/pkcs11-util.c:240:94: ../src/basic/alloc-util.h:90:25: note: call to ‘free’ here 90 | *(void**)p = mfree(*(void**) p); | ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors See attachments for the generated pkcs11-util.c.{i,o.d,s} files.
Created attachment 1852706 [details] pcks11-util.c.i
Created attachment 1852707 [details] pkcs11-utils.c.s
Created attachment 1852708 [details] pkcs11-util.c.o.d
The perf codebase also has cases such as: file = realloc(files, (nr + 1) * sizeof(*files)); if (!file) goto out_err; files = file; file = &files[nr++]; ... if (!files) return -EINVAL; data->dir.files = files; data->dir.nr = nr; return 0; out_err: close_dir(files, nr); return ret; Tha gets this warning and breaks the build: 9.60 fedora:rawhide : FAIL gcc version 12.0.1 20220118 (Red Hat 12.0.1-0) (GCC) inlined from 'perf_data__open_dir' at util/data.c:139:2: util/data.c:27:9: error: pointer 'files' may be used after 'realloc' [-Werror=use-after-free] 27 | free(files); | ^~~~~~~~~~~ util/data.c: In function 'perf_data__open_dir': util/data.c:112:24: note: call to 'realloc' here 112 | file = realloc(files, (nr + 1) * sizeof(*files)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ util/data.c:141:1: error: pointer 'files' may be used after 'realloc' [-Werror=use-after-free] 141 | } | ^ util/data.c:112:24: note: call to 'realloc' here 112 | file = realloc(files, (nr + 1) * sizeof(*files)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ util/data.c:141:1: error: pointer 'files' may be used after 'realloc' [-Werror=use-after-free] 141 | } | ^ util/data.c:112:24: note: call to 'realloc' here 112 | file = realloc(files, (nr + 1) * sizeof(*files)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Since realloc leaves 'files' untouched when it fails, this doesn't look a valid conclusion for use after free. I'll go looking for the pragma to disable this... BTW, this works on these compilers: almalinux:8 : Ok gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-4) , clang version 12.0.1 (Red Hat 12.0.1-4.module_el8.5.0+1025+93159d6c) alpine:3.4 : Ok gcc (Alpine 5.3.0) 5.3.0 , clang version 3.8.0 (tags/RELEASE_380/final) alpine:3.5 : Ok gcc (Alpine 6.2.1) 6.2.1 20160822 , clang version 3.8.1 (tags/RELEASE_381/final) alpine:3.6 : Ok gcc (Alpine 6.3.0) 6.3.0 , clang version 4.0.0 (tags/RELEASE_400/final) alpine:3.7 : Ok gcc (Alpine 6.4.0) 6.4.0 , Alpine clang version 5.0.0 (tags/RELEASE_500/final) (based on LLVM 5.0.0) alpine:3.8 : Ok gcc (Alpine 6.4.0) 6.4.0 , Alpine clang version 5.0.1 (tags/RELEASE_501/final) (based on LLVM 5.0.1) alpine:3.9 : Ok gcc (Alpine 8.3.0) 8.3.0 , Alpine clang version 5.0.1 (tags/RELEASE_502/final) (based on LLVM 5.0.1) alpine:3.10 : Ok gcc (Alpine 8.3.0) 8.3.0 , Alpine clang version 8.0.0 (tags/RELEASE_800/final) (based on LLVM 8.0.0) alpine:3.11 : Ok gcc (Alpine 9.3.0) 9.3.0 , Alpine clang version 9.0.0 (https://git.alpinelinux.org/aports f7f0d2c2b8bcd6a5843401a9a702029556492689) (based on LLVM 9.0.0) alpine:3.12 : Ok gcc (Alpine 9.3.0) 9.3.0 , Alpine clang version 10.0.0 (https://gitlab.alpinelinux.org/alpine/aports.git 7445adce501f8473efdb93b17b5eaf2f1445ed4c) alpine:3.13 : Ok gcc (Alpine 10.2.1_pre1) 10.2.1 20201203 , Alpine clang version 10.0.1 alpine:3.14 : Ok gcc (Alpine 10.3.1_git20210424) 10.3.1 20210424 , Alpine clang version 11.1.0 alpine:3.15 : Ok gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027 , Alpine clang version 12.0.1 alpine:edge : Ok gcc (Alpine 11.2.1_git20211128) 11.2.1 20211128 , Alpine clang version 12.0.1 alt:p8 : Ok x86_64-alt-linux-gcc (GCC) 5.3.1 20151207 (ALT p8 5.3.1-alt3.M80P.1) , clang version 3.8.0 (tags/RELEASE_380/final) alt:p9 : Ok x86_64-alt-linux-gcc (GCC) 8.4.1 20200305 (ALT p9 8.4.1-alt0.p9.1) , clang version 10.0.0 alt:p10 : Ok x86_64-alt-linux-gcc (GCC) 10.3.1 20210703 (ALT Sisyphus 10.3.1-alt2) , clang version 11.0.1 alt:sisyphus : Ok x86_64-alt-linux-gcc (GCC) 11.2.1 20210911 (ALT Sisyphus 11.2.1-alt1) , ALT Linux Team clang version 12.0.1 amazonlinux:1 : Ok gcc (GCC) 7.2.1 20170915 (Red Hat 7.2.1-2) , clang version 3.6.2 (tags/RELEASE_362/final) amazonlinux:2 : Ok gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-13) , clang version 11.1.0 (Amazon Linux 2 11.1.0-1.amzn2.0.2) archlinux:base : Ok gcc (GCC) 11.1.0 , clang version 13.0.0 centos:8 : Ok gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1) , clang version 11.0.1 (Red Hat 11.0.1-1.module_el8.4.0+966+2995ef20) centos:stream : Ok gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-3) , clang version 12.0.1 (Red Hat 12.0.1-2.module_el8.6.0+937+1cafe22c) clearlinux:latest : Ok gcc (Clear Linux OS for Intel Architecture) 11.2.1 20220103 releases/gcc-11.2.0-627-gd4a1d3c4b3 , clang version 11.1.0 debian:9 : Ok gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516 , clang version 3.8.1-24 (tags/RELEASE_381/final) debian:10 : Ok gcc (Debian 8.3.0-6) 8.3.0 , clang version 7.0.1-8+deb10u2 (tags/RELEASE_701/final) debian:11 : Ok gcc (Debian 10.2.1-6) 10.2.1 20210110 , Debian clang version 11.0.1-2 debian:experimental : Ok gcc (Debian 11.2.0-13) 11.2.0 , Debian clang version 13.0.0-9+b2 debian:experimental-x-arm64 : Ok aarch64-linux-gnu-gcc (Debian 11.2.0-9) 11.2.0 debian:experimental-x-mips : Ok mips-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110 debian:experimental-x-mips64 : Ok mips64-linux-gnuabi64-gcc (Debian 10.2.1-6) 10.2.1 20210110 debian:experimental-x-mipsel : Ok mipsel-linux-gnu-gcc (Debian 11.2.0-9) 11.2.0 fedora:22 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) , clang version 3.5.0 (tags/RELEASE_350/final) fedora:23 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) , clang version 3.7.0 (tags/RELEASE_370/final) fedora:24 : Ok gcc (GCC) 6.3.1 20161221 (Red Hat 6.3.1-1) , clang version 3.8.1 (tags/RELEASE_381/final) fedora:24-x-ARC-uClibc : Ok arc-linux-gcc (ARCompact ISA Linux uClibc toolchain 2017.09-rc2) 7.1.1 20170710 fedora:25 : Ok gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1) , clang version 3.9.1 (tags/RELEASE_391/final) fedora:26 : Ok gcc (GCC) 7.3.1 20180130 (Red Hat 7.3.1-2) , clang version 4.0.1 (tags/RELEASE_401/final) fedora:27 : Ok gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-6) , clang version 5.0.2 (tags/RELEASE_502/final) fedora:28 : Ok gcc (GCC) 8.3.1 20190223 (Red Hat 8.3.1-2) , clang version 6.0.1 (tags/RELEASE_601/final) fedora:29 : Ok gcc (GCC) 8.3.1 20190223 (Red Hat 8.3.1-2) , clang version 7.0.1 (Fedora 7.0.1-6.fc29) fedora:30 : Ok gcc (GCC) 9.3.1 20200408 (Red Hat 9.3.1-2) , clang version 8.0.0 (Fedora 8.0.0-3.fc30) fedora:31 : Ok gcc (GCC) 9.3.1 20200408 (Red Hat 9.3.1-2) , clang version 9.0.1 (Fedora 9.0.1-4.fc31) fedora:32 : Ok gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) , clang version 10.0.1 (Fedora 10.0.1-3.fc32) fedora:33 : Ok gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1) , clang version 11.0.0 (Fedora 11.0.0-3.fc33) fedora:34 : Ok gcc (GCC) 11.2.1 20210728 (Red Hat 11.2.1-1) , clang version 12.0.1 (Fedora 12.0.1-1.fc34) fedora:34-x-ARC-glibc : Ok arc-linux-gcc (ARC HS GNU/Linux glibc toolchain 2019.03-rc1) 8.3.1 20190225 fedora:34-x-ARC-uClibc : Ok arc-linux-gcc (ARCv2 ISA Linux uClibc toolchain 2019.03-rc1) 8.3.1 20190225 fedora:35 : Ok gcc (GCC) 11.2.1 20211203 (Red Hat 11.2.1-7) , clang version 13.0.0 (Fedora 13.0.0-3.fc35) gentoo-stage3:latest : Ok gcc (Gentoo 11.2.0 p1) 11.2.0 , clang version 13.0.0 mageia:6 : Ok gcc (Mageia 5.5.0-1.mga6) 5.5.0 , clang version 3.9.1 (tags/RELEASE_391/final) manjaro:base : Ok gcc (GCC) 11.1.0 , clang version 13.0.0 opensuse:15.0 : Ok gcc (SUSE Linux) 7.4.1 20190905 [gcc-7-branch revision 275407] , clang version 5.0.1 (tags/RELEASE_501/final 312548) opensuse:15.1 : Ok gcc (SUSE Linux) 7.5.0 , clang version 7.0.1 (tags/RELEASE_701/final 349238) opensuse:15.2 : Ok gcc (SUSE Linux) 7.5.0 , clang version 9.0.1 opensuse:15.3 : Ok gcc (SUSE Linux) 7.5.0 , clang version 11.0.1 opensuse:15.4 : Ok gcc (SUSE Linux) 7.5.0 , clang version 11.0.1 opensuse:tumbleweed : Ok gcc (SUSE Linux) 11.2.1 20211124 [revision 7510c23c1ec53aa4a62705f0384079661342ff7b] , clang version 13.0.0 oraclelinux:8 : Ok gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-4.0.1) , clang version 12.0.1 (Red Hat 12.0.1-4.0.1.module+el8.5.0+20428+2b4ecd47) rockylinux:8 : Ok gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-4) , clang version 12.0.1 (Red Hat 12.0.1-4.module+el8.5.0+715+58f51d49) ubuntu:16.04 : Ok gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609 , clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final) ubuntu:16.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:16.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:16.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:16.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:16.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:16.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 ubuntu:18.04 : Ok gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 , clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final) ubuntu:18.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-m68k : Ok m68k-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-riscv64 : Ok riscv64-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-sh4 : Ok sh4-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:18.04-x-sparc64 : Ok sparc64-linux-gnu-gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 ubuntu:20.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0 ubuntu:20.10 : Ok gcc (Ubuntu 10.3.0-1ubuntu1~20.10) 10.3.0 , Ubuntu clang version 11.0.0-2 ubuntu:21.04 : Ok gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0 , Ubuntu clang version 12.0.0-3ubuntu1~21.04.2 ubuntu:21.10 : Ok gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0 , Ubuntu clang version 13.0.0-2 ubuntu:22.04 : Ok gcc (Ubuntu 11.2.0-13ubuntu1) 11.2.0 , Ubuntu clang version 13.0.0-9
-O2 -fPIC is needed to reproduce the warnings. The first one triggers for the free (id_239) call below, with free(_7) being the first free. Let me see what makes it think the two pointers are related. <bb 69> [local count: 866963891]: # _234 = PHI <_150(7), _233(68), _148(9)> # token_uri_escaped_237 = PHI <_7(7), token_uri_escaped_236(68), _8(9)> # id_239 = PHI <_7(7), id_238(68), _8(9)> free (_7); <<< first free free (id_239); <<< -Wuse-after-free free (token_uri_escaped_237); _157 = MEM[(void * *)&token_uri_string]; free (_157); token_uri_string ={v} {CLOBBER}; updated_token_info ={v} {CLOBBER}; return _234;
I reduced one instance of the warning to a GCC bug and opened https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104232 for it in GCC Bugzilla.
Fixed in the latest gcc build in Rawhide.