Date: Sat, 23 Aug 2025 10:31:22 +0100
On Sat, 23 Aug 2025, 10:20 organicoman, <organicoman_at_[hidden]> wrote:
>
>
>
> Use after free, double free, etc. will be more likely to be caught in code
> {
> m_ptr = new T;
>
> // if all the following take m_ptr by reference
> inspect_maybe_free(m_ptr);
> transform_maybe_free(m_ptr);
> maybe_free(m_ptr);
>
> // I can detect if delete was called before.
> if(m_ptr) delete m_ptr;
> }
>
> With the current implementation, you cannot do this.
>
> This is in practice what I would consider an actual trivial UaF, because
> straight line examples you’ve presented are so easily automatically
> detected and presented.
>
>
> I don't see how my example is a trivial straight line UaF or double free.
> Given the current implementation of delete,
> If you pass the pointer by copy, when you return back to the caller,
> nothing can tell if the resource was freed inside the callees.
> If you pass by reference, you have to zero out the pointer manually in
> the callee scope (error prone).
>
So stop using raw pointers like this then.
> So, for an analyzer, it cannot tell what happens inside the callees unless
> it traverses all the calling tree, inside each callee..., and that is not
> trivial!
>
> But your suggestion of a compiler flag, would do the job I guess.
>
>
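As an added illustration of the reply's point ("stop using raw pointers like this"), and not code from either participant in the thread: if the callees receive the owning handle by reference instead of a raw copy of the pointer, a callee that frees the object leaves the caller's handle observably empty, with no manual zeroing and no way to reach a double free in the caller. The callee names mirror the quoted message; their bodies, the struct `T`, and the stage-number convention returned by `run_pipeline` are constructed for this example.

```cpp
// Added example, not from the thread: the "pass the owner by reference"
// pattern, with std::unique_ptr standing in for the bare m_ptr in the
// quoted message. Each callee may free the object; the caller can always
// tell afterwards, and the destructor frees whatever is left exactly once.
#include <memory>

struct T {
    int value;   // constructed payload, just enough to drive the callees
};

// Hypothetical callees named after inspect_maybe_free / transform_maybe_free /
// maybe_free in the quoted message. Taking the owner by reference means
// reset() both frees the object and nulls the caller's handle in one step.
void inspect_maybe_free(std::unique_ptr<T>& p) {
    if (p && p->value < 0) p.reset();
}

void transform_maybe_free(std::unique_ptr<T>& p) {
    if (p) {
        p->value *= 2;
        if (p->value > 100) p.reset();
    }
}

void maybe_free(std::unique_ptr<T>& p) {
    if (p && p->value == 0) p.reset();
}

// Runs the three callees on a freshly allocated T and reports which stage
// freed it: 0 = still owned at the end, 1/2/3 = freed by the Nth callee.
// No explicit delete is written anywhere in the caller; unique_ptr's
// destructor releases the object only if it is still owned.
int run_pipeline(int initial) {
    std::unique_ptr<T> m_ptr = std::make_unique<T>(T{initial});
    inspect_maybe_free(m_ptr);
    if (!m_ptr) return 1;
    transform_maybe_free(m_ptr);
    if (!m_ptr) return 2;
    maybe_free(m_ptr);
    if (!m_ptr) return 3;
    return 0;
}

int main() {
    // Constructed inputs: 5 survives; -1 is freed by inspect_maybe_free;
    // 60 is freed by transform_maybe_free (120 > 100); 0 is freed by maybe_free.
    bool ok = run_pipeline(5) == 0 && run_pipeline(-1) == 1 &&
              run_pipeline(60) == 2 && run_pipeline(0) == 3;
    return ok ? 0 : 1;
}
```

The contrast with the quoted snippet is that ownership, not a copy of the address, is what crosses the call boundary, so the caller's `if (m_ptr)` check is meaningful without any callee having to remember to zero anything.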
Received on 2025-08-23 09:31:41