From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 11CDC3858C52; Fri, 3 Feb 2023 18:25:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 11CDC3858C52 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1675448747; bh=9jnal7lJIUtgRHGw3B1jGBawFFvrtqg75ZXOsfqGu/w=; h=From:To:Subject:Date:From; b=t6puPt0FDv/MVis0F5pYdQfalV9CkAPA3F4AYZDBNTMKA3ufn26Bc6Q77LKYpHWd2 vlYTxpmbGZk5Z8YFntk1OM2TL4BdnYQorclLbEqnrnFqwiaPS04QnPuzn7cAzkrOB1 x2IanR2fCfuGHxtyrO6UKY2Dc0Ls6Bus0zXDZ/a8= From: "dmalcolm at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/108661] New: -Wanalyzer-use-of-uninitialized-value false positive seen in haproxy's sink_rotate_file_backed_ring Date: Fri, 03 Feb 2023 18:25:46 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: dmalcolm at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D108661 Bug ID: 108661 Summary: -Wanalyzer-use-of-uninitialized-value false positive seen in haproxy's sink_rotate_file_backed_ring Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Consider: #include #include #include struct ring { char buf[1024]; }; int test (const char *name) { struct ring ring; int fd; int ret; fd =3D open(name, O_RDONLY); if (fd < 0) return 0; ret =3D read(fd, &ring, sizeof(ring)); close(fd); if (ret !=3D sizeof(ring)) return 1; if (ring.buf[0] > 1) return 2; return 3; } Currently trunk emits this false positive: : In function 'test': :26:21: warning: use of uninitialized value 'ring.buf[0]' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 26 | if (ring.buf[0] > 1) | ~~~~~~~~^~~ 'test': events 1-6 | | 12 | struct ring ring; | | ^~~~ | | | | | (1) region created on stack here |...... | 17 | if (fd < 0) | | ~=20=20=20=20=20=20=20=20=20 | | | | | (2) following 'false' branch (when 'fd >=3D 0')... |...... | 20 | ret =3D read(fd, &ring, sizeof(ring)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 23 | if (ret !=3D sizeof(ring)) | | ~=20=20=20=20=20=20=20=20=20 | | | | | (4) following 'false' branch (when 'ret =3D=3D 1024= ')... |...... | 26 | if (ring.buf[0] > 1) | | ~~~~~~~~~~~ | | | | | (5) ...to here | | (6) use of uninitialized value 'ring.buf[0= ]' here | Compiler returned: 0 https://godbolt.org/z/3sMhxej6P Looks like the analyzer might not "know" that when "read" returns the input size, that the buffer is fully populated.=