public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/109014] New: -Wanalyzer-use-of-uninitialized-value seen in pcre2-10.42's pcre2test.c Date: Fri, 03 Mar 2023 18:24:14 +0000 [thread overview] Message-ID: <bug-109014-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109014 Bug ID: 109014 Summary: -Wanalyzer-use-of-uninitialized-value seen in pcre2-10.42's pcre2test.c Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Created attachment 54579 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54579&action=edit Partially reducer reproducer I'm about to commit a patch that provides a prototype implementation of sprintf; this leads to a new false positive on the attached: pcre2test.c: In function 'format_list_item': pcre2test.c:4448:21: warning: use of uninitialized value '*ff_44(D) + _2' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 4448 | for (count = 0; ff[count] >= 0; count++) { | ~~^~~~~~~ 'main': events 1-12 | | 4565 | main(int argc, char** argv) | | ^~~~ | | | | | (1) entry to 'main' |...... | 4579 | while (argc > 1 && argv[op][0] == '-' && argv[op][1] != 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) following 'true' branch... | | (8) following 'true' branch... | 4580 | /* [...snip...] */ | 4581 | char* arg = argv[op]; | | ~ | | | | | (3) ...to here | | (9) ...to here |...... | 4585 | if (strcmp(arg, "-LP") == 0) { | | ~ | | | | | (4) following 'false' branch (when the strings are non-equal)... | | (10) following 'true' branch (when the strings are equal)... | 4586 | display_properties(0); | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here | | (12) calling 'display_properties' from 'main' |...... | 4592 | if (strcmp(arg, "-8") == 0) { | | ~~~~~~~~~~~~~~~~~~ | | || | | |(5) ...to here | | (6) following 'true' branch (when the strings are equal)... | 4593 | test_mode = 8; | | ~~~~~~~~~~~~~ | | | | | (7) ...to here | +--> 'display_properties': events 13-25 | | 4481 | display_properties(BOOL wantscripts) | | ^~~~~~~~~~~~~~~~~~ | | | | | (13) entry to 'display_properties' |...... | 4487 | int16_t found[256][5 + 1]; | | ~~~~~ | | | | | (14) region created on stack here |...... | 4492 | if (wantscripts) { | | ~ | | | | | (15) following 'false' branch (when 'wantscripts == 0')... |...... | 4496 | n = ucp_Bprop_Count; | | ~~~~~~~~~~~~~~~~~~~ | | | | | (16) ...to here |...... | 4500 | for (size_t i = 0; i < utt_size; i++) { | | ~~~~~~~~~~~~ | | | | | (17) following 'true' branch... | 4501 | int k; | 4502 | int m = 0; | | ~ | | | | | (18) ...to here |...... | 4507 | if (wantscripts) { | | ~ | | | | | (19) following 'false' branch (when 'wantscripts == 0')... |...... | 4511 | if (t->type != 13) | | ~~~~~~~~ | | | | | | | (20) ...to here | | (21) following 'true' branch... | | (22) ...to here |...... | 4544 | for (int k = 0; k < (n + 1) / 2; k++) { | | ~~~~~~~~~~~~~~~ | | | | | (23) following 'true' branch... |...... | 4549 | format_list_item(found[k], buff1, wantscripts); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (24) ...to here | | (25) calling 'format_list_item' from 'display_properties' | +--> 'format_list_item': events 26-27 | | 4441 | format_list_item(int16_t* ff, char* buff, BOOL isscript) | | ^~~~~~~~~~~~~~~~ | | | | | (26) entry to 'format_list_item' |...... | 4448 | for (count = 0; ff[count] >= 0; count++) { | | ~~~~~~~~~ | | | | | (27) use of uninitialized value '*ff_44(D) + _2' here |
next reply other threads:[~2023-03-03 18:24 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-03-03 18:24 dmalcolm at gcc dot gnu.org [this message] 2023-03-03 18:29 ` [Bug analyzer/109014] " dmalcolm at gcc dot gnu.org 2023-03-03 23:01 ` cvs-commit at gcc dot gnu.org 2024-03-04 13:00 ` [Bug analyzer/109014] [13/14 Regression] " rguenth at gcc dot gnu.org 2024-03-08 15:38 ` law at gcc dot gnu.org 2024-05-21 9:14 ` [Bug analyzer/109014] [13/14/15 " jakub at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-109014-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).