public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/108661] New: -Wanalyzer-use-of-uninitialized-value false positive seen in haproxy's sink_rotate_file_backed_ring Date: Fri, 03 Feb 2023 18:25:46 +0000 [thread overview] Message-ID: <bug-108661-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108661 Bug ID: 108661 Summary: -Wanalyzer-use-of-uninitialized-value false positive seen in haproxy's sink_rotate_file_backed_ring Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider: #include <sys/stat.h> #include <fcntl.h> #include <unistd.h> struct ring { char buf[1024]; }; int test (const char *name) { struct ring ring; int fd; int ret; fd = open(name, O_RDONLY); if (fd < 0) return 0; ret = read(fd, &ring, sizeof(ring)); close(fd); if (ret != sizeof(ring)) return 1; if (ring.buf[0] > 1) return 2; return 3; } Currently trunk emits this false positive: <source>: In function 'test': <source>:26:21: warning: use of uninitialized value 'ring.buf[0]' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 26 | if (ring.buf[0] > 1) | ~~~~~~~~^~~ 'test': events 1-6 | | 12 | struct ring ring; | | ^~~~ | | | | | (1) region created on stack here |...... | 17 | if (fd < 0) | | ~ | | | | | (2) following 'false' branch (when 'fd >= 0')... |...... | 20 | ret = read(fd, &ring, sizeof(ring)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 23 | if (ret != sizeof(ring)) | | ~ | | | | | (4) following 'false' branch (when 'ret == 1024')... |...... | 26 | if (ring.buf[0] > 1) | | ~~~~~~~~~~~ | | | | | (5) ...to here | | (6) use of uninitialized value 'ring.buf[0]' here | Compiler returned: 0 https://godbolt.org/z/3sMhxej6P Looks like the analyzer might not "know" that when "read" returns the input size, that the buffer is fully populated.
next reply other threads:[~2023-02-03 18:25 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-03 18:25 dmalcolm at gcc dot gnu.org [this message] 2023-02-03 18:27 ` [Bug analyzer/108661] [13 Regression] " dmalcolm at gcc dot gnu.org 2023-02-06 7:46 ` rguenth at gcc dot gnu.org 2023-02-07 21:11 ` cvs-commit at gcc dot gnu.org 2023-02-07 21:25 ` dmalcolm at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-108661-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).