[glib: 1/2] gobject: Change GObject notify semantics under static analysis

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib: 1/2] gobject: Change GObject notify semantics under static analysis
Date: Fri, 17 Jun 2022 15:47:45 +0000 (UTC)


commit 0932f71460a93a7b81e771745bd30a0391a9bc65
Author: Philip Withnall <pwithnall endlessos org>
Date:   Tue Jun 14 11:25:50 2022 +0100

    gobject: Change GObject notify semantics under static analysis
    
    Coverity notices the `g_object_unref()` call in `g_object_notify()`, but
    not the paired `g_object_ref()` call. It therefore incorrectly assumes
    that every call to `g_object_notify()` frees the object. This causes a
    lot (hundreds) of false positive reports about double-frees or
    use-after-frees.
    
    I can’t find a way to fix this using a model file, so the other options
    are:
     * Manually mark every report as a false positive and keep updating them
       as the code changes over time. This would take a lot of maintainer
       effort.
     * Comment out the `g_object_ref()`/`g_object_unref()` calls when
       running static analysis (but not in a normal production build). This
       is ugly, but cheap and shouldn’t impact maintainability much.
    
    So this commit implements option 2.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 gobject/gobject.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
---
diff --git a/gobject/gobject.c b/gobject/gobject.c
index e71547c19a..c24c24c169 100644
--- a/gobject/gobject.c
+++ b/gobject/gobject.c
@@ -1465,13 +1465,24 @@ g_object_notify_by_spec_internal (GObject    *object,
         }
       else
         {
+          /*
+           * Coverity doesn’t understand the paired ref/unref here and seems to
+           * ignore the ref, thus reports every call to g_object_notify() as
+           * causing a double-free. That’s incorrect, but I can’t get a model
+           * file to work for avoiding the false positives, so instead comment
+           * out the ref/unref when doing static analysis.
+           */
+#ifndef __COVERITY__
           g_object_ref (object);
+#endif
 
           /* not frozen, so just dispatch the notification directly */
           G_OBJECT_GET_CLASS (object)
               ->dispatch_properties_changed (object, 1, &pspec);
 
+#ifndef __COVERITY__
           g_object_unref (object);
+#endif
         }
     }
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]