public inbox for gcc-bugs@sourceware.org
From: "dmalcolm at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109014] New: -Wanalyzer-use-of-uninitialized-value seen in pcre2-10.42's pcre2test.c
Date: Fri, 03 Mar 2023 18:24:14 +0000
Message-ID: <bug-109014-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109014

            Bug ID: 109014
           Summary: -Wanalyzer-use-of-uninitialized-value seen in
                    pcre2-10.42's pcre2test.c
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54579
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54579&action=edit
Partially reduced reproducer

I'm about to commit a patch that provides a prototype implementation of
sprintf; this leads to a new false positive on the attached:


pcre2test.c: In function 'format_list_item':
pcre2test.c:4448:21: warning: use of uninitialized value '*ff_44(D) + _2' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 4448 |   for (count = 0; ff[count] >= 0; count++) {
      |                   ~~^~~~~~~
  'main': events 1-12
    |
    | 4565 | main(int argc, char** argv)
    |      | ^~~~
    |      | |
    |      | (1) entry to 'main'
    |......
    | 4579 |   while (argc > 1 && argv[op][0] == '-' && argv[op][1] != 0) {
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                         |
    |      |                                         (2) following 'true' branch...
    |      |                                         (8) following 'true' branch...
    | 4580 |     /* [...snip...] */
    | 4581 |     char* arg = argv[op];
    |      |                     ~
    |      |                     |
    |      |                     (3) ...to here
    |      |                     (9) ...to here
    |......
    | 4585 |     if (strcmp(arg, "-LP") == 0) {
    |      |        ~
    |      |        |
    |      |        (4) following 'false' branch (when the strings are non-equal)...
    |      |        (10) following 'true' branch (when the strings are equal)...
    | 4586 |       display_properties(0);
    |      |       ~~~~~~~~~~~~~~~~~~~~~
    |      |       |
    |      |       (11) ...to here
    |      |       (12) calling 'display_properties' from 'main'
    |......
    | 4592 |     if (strcmp(arg, "-8") == 0) {
    |      |        ~~~~~~~~~~~~~~~~~~
    |      |        ||
    |      |        |(5) ...to here
    |      |        (6) following 'true' branch (when the strings are equal)...
    | 4593 |       test_mode = 8;
    |      |       ~~~~~~~~~~~~~
    |      |                 |
    |      |                 (7) ...to here
    |
    +--> 'display_properties': events 13-25
           |
           | 4481 | display_properties(BOOL wantscripts)
           |      | ^~~~~~~~~~~~~~~~~~
           |      | |
           |      | (13) entry to 'display_properties'
           |......
           | 4487 |   int16_t found[256][5 + 1];
           |      |           ~~~~~
           |      |           |
           |      |           (14) region created on stack here
           |......
           | 4492 |   if (wantscripts) {
           |      |      ~
           |      |      |
           |      |      (15) following 'false' branch (when 'wantscripts == 0')...
           |......
           | 4496 |     n = ucp_Bprop_Count;
           |      |     ~~~~~~~~~~~~~~~~~~~
           |      |       |
           |      |       (16) ...to here
           |......
           | 4500 |   for (size_t i = 0; i < utt_size; i++) {
           |      |                      ~~~~~~~~~~~~
           |      |                        |
           |      |                        (17) following 'true' branch...
           | 4501 |     int k;
           | 4502 |     int m = 0;
           |      |         ~
           |      |         |
           |      |         (18) ...to here
           |......
           | 4507 |     if (wantscripts) {
           |      |        ~
           |      |        |
           |      |        (19) following 'false' branch (when 'wantscripts == 0')...
           |......
           | 4511 |       if (t->type != 13)
           |      |          ~~~~~~~~
           |      |          | |
           |      |          | (20) ...to here
           |      |          (21) following 'true' branch...
           |      |          (22) ...to here
           |......
           | 4544 |   for (int k = 0; k < (n + 1) / 2; k++) {
           |      |                   ~~~~~~~~~~~~~~~
           |      |                     |
           |      |                     (23) following 'true' branch...
           |......
           | 4549 |     format_list_item(found[k], buff1, wantscripts);
           |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |     |                     |
           |      |     |                     (24) ...to here
           |      |     (25) calling 'format_list_item' from 'display_properties'
           |
           +--> 'format_list_item': events 26-27
                  |
                  | 4441 | format_list_item(int16_t* ff, char* buff, BOOL isscript)
                  |      | ^~~~~~~~~~~~~~~~
                  |      | |
                  |      | (26) entry to 'format_list_item'
                  |......
                  | 4448 |   for (count = 0; ff[count] >= 0; count++) {
                  |      |                   ~~~~~~~~~
                  |      |                     |
                  |      |                     (27) use of uninitialized value '*ff_44(D) + _2' here
                  |

Thread overview: 6+ messages
2023-03-03 18:24 dmalcolm at gcc dot gnu.org [this message]
2023-03-03 18:29 ` [Bug analyzer/109014] " dmalcolm at gcc dot gnu.org
2023-03-03 23:01 ` cvs-commit at gcc dot gnu.org
2024-03-04 13:00 ` [Bug analyzer/109014] [13/14 Regression] " rguenth at gcc dot gnu.org
2024-03-08 15:38 ` law at gcc dot gnu.org
2024-05-21  9:14 ` [Bug analyzer/109014] [13/14/15 " jakub at gcc dot gnu.org
