gdbusdaemon: Disable scan-build for GDBusDaemon name refcounting

See the code comment. scan-build can’t handle analysis over the
refcounts, so consistently complains about potential use-after-free
errors in the code, essentially because:
 * It understands `name_unref()`, but completely ignores `name_ref()`
 * The code often calls `name_unref()` on the ‘wrong’ pointer, in the
   sense that it knows that if another struct exists, that struct holds
   a ref on a `Name`, but without actually having a pointer to the
   `Name`. So the code calls `name_unref (name); name_unref (name)`.
   That’s valid, but quite understandably looks like a recipe for a
   use-after-free.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
Philip Withnall 2024-04-12 15:10:34 +01:00
parent 672a33002e
commit 9f3322c784
No known key found for this signature in database
GPG Key ID: DCDF5885B1F3ED73

@ -199,6 +199,16 @@ name_ref (Name *name)
static void
name_unref (Name *name)
{
/* scan-build with clang-17 cant follow the refcounting of `Name` structs
* throughout this file. Probably because there are structures like `NameOwner`
* which cause a ref to be added to a `Name` while they exist, but which dont
* actually have a pointer to the `Name`, so the unref of the `Name` when they
* are freed looks like a double-unref.
*
* So, until the static analysis improves, or we find some way to restructure
* the code, squash the false positive use-after-free or double-unref warnings
* by making this function a no-op to the static analyser. */
#ifndef G_ANALYZER_ANALYZING
g_assert (name->refcount > 0);
if (--name->refcount == 0)
{
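Review bot: The `#ifndef G_ANALYZER_ANALYZING` guard at the top of `name_unref()` hides the whole body from the analyser, including the `g_assert (name->refcount > 0)` check, so genuine double-unref or use-after-free bugs on `Name` will go unreported along with the false positives. The comment should state that trade-off explicitly and reference the tracking issue (the commit message carries `Helps: #1767`), so the suppression can be found and removed once the analyser or the code structure improves.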
@ -206,6 +216,7 @@ name_unref (Name *name)
g_free (name->name);
g_free (name);
}
#endif
}
static Name *
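Review bot: The closing `#endif` after the `g_free (name)` block has no trailing comment naming its condition, and it sits a hunk away from the `#ifndef`; `#endif /* !G_ANALYZER_ANALYZING */` would make the pairing obvious. With the entire body compiled out, the `name` parameter is also unused in analyser builds, so it is worth confirming that this does not raise an unused-parameter warning there.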