public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/108661] New: -Wanalyzer-use-of-uninitialized-value false positive seen in haproxy's sink_rotate_file_backed_ring
Date: Fri, 03 Feb 2023 18:25:46 +0000 [thread overview]
Message-ID: <bug-108661-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108661
Bug ID: 108661
Summary: -Wanalyzer-use-of-uninitialized-value false positive
seen in haproxy's sink_rotate_file_backed_ring
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Consider:
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
struct ring
{
char buf[1024];
};
int test (const char *name)
{
struct ring ring;
int fd;
int ret;
fd = open(name, O_RDONLY);
if (fd < 0)
return 0;
ret = read(fd, &ring, sizeof(ring));
close(fd);
if (ret != sizeof(ring))
return 1;
if (ring.buf[0] > 1)
return 2;
return 3;
}
Currently trunk emits this false positive:
<source>: In function 'test':
<source>:26:21: warning: use of uninitialized value 'ring.buf[0]' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
26 | if (ring.buf[0] > 1)
| ~~~~~~~~^~~
'test': events 1-6
|
| 12 | struct ring ring;
| | ^~~~
| | |
| | (1) region created on stack here
|......
| 17 | if (fd < 0)
| | ~
| | |
| | (2) following 'false' branch (when 'fd >= 0')...
|......
| 20 | ret = read(fd, &ring, sizeof(ring));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) ...to here
|......
| 23 | if (ret != sizeof(ring))
| | ~
| | |
| | (4) following 'false' branch (when 'ret == 1024')...
|......
| 26 | if (ring.buf[0] > 1)
| | ~~~~~~~~~~~
| | |
| | (5) ...to here
| | (6) use of uninitialized value 'ring.buf[0]'
here
|
Compiler returned: 0
https://godbolt.org/z/3sMhxej6P
Looks like the analyzer might not "know" that when "read" returns the input
size, that the buffer is fully populated.
next reply other threads:[~2023-02-03 18:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-03 18:25 dmalcolm at gcc dot gnu.org [this message]
2023-02-03 18:27 ` [Bug analyzer/108661] [13 Regression] " dmalcolm at gcc dot gnu.org
2023-02-06 7:46 ` rguenth at gcc dot gnu.org
2023-02-07 21:11 ` cvs-commit at gcc dot gnu.org
2023-02-07 21:25 ` dmalcolm at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-108661-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).