[Bug analyzer/105784] New: -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
eggert at cs dot ucla.edu
gcc-bugzilla@gcc.gnu.org
Tue May 31 02:13:43 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784
Bug ID: 105784
Summary: -Wanalyzer-use-of-uninitialized-value false positive
on partly initialized array
Product: gcc
Version: 12.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: eggert at cs dot ucla.edu
Target Milestone: ---
Created attachment 53056
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53056&action=edit
False positive with -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value
I found this bug with GCC 12.1.1 20220507 (Red Hat 12.1.1-1) on x86-64. Compile
the attached program x.i (which is simplified from GNU Emacs master) with:
gcc -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value -S x.i
The GCC output is as follows. This is a false positive, since *src must point
into the initialized part of the array.
x.i: In function ‘ccl_driver’:
x.i:13:11: warning: use of uninitialized value ‘*src’ [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
13 | i = *src++;
| ~~^~~~~~~~
‘Fccl_execute_on_string’: events 1-5
|
| 19 | Fccl_execute_on_string (char *str, long str_bytes)
| | ^~~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘Fccl_execute_on_string’
|......
| 25 | int source[1024];
| | ~~~~~~
| | |
| | (2) region created on stack here
|......
| 28 | while (src_size < 1024 && p < endp)
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) following ‘false’ branch...
|......
| 31 | ccl_driver (source, src_size);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| | (5) calling ‘ccl_driver’ from ‘Fccl_execute_on_string’
|
+--> ‘ccl_driver’: events 6-11
|
| 5 | ccl_driver (int *source, int src_size)
| | ^~~~~~~~~~
| | |
| | (6) entry to ‘ccl_driver’
|......
| 10 | while (!quit_flag)
| | ~~~~~~~~~~
| | |
| | (7) following ‘false’ branch...
| 11 | {
| 12 | if (src < src_end)
| | ~
| | |
| | (8) ...to here
| | (9) following ‘true’ branch (when ‘src <
src_end’)...
| 13 | i = *src++;
| | ~~~~~~~~~~
| | | |
| | | (10) ...to here
| | (11) use of uninitialized value ‘*src’ here
|
More information about the Gcc-bugs
mailing list