From: "dmalcolm at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109014] New: -Wanalyzer-use-of-uninitialized-value seen in pcre2-10.42's pcre2test.c
Date: Fri, 03 Mar 2023 18:24:14 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109014

            Bug ID: 109014
           Summary: -Wanalyzer-use-of-uninitialized-value seen in pcre2-10.42's pcre2test.c
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54579 -->
https://gcc.gnu.org/bugzilla/attachment.cgi?id=54579&action=edit
Partially reduced reproducer

I'm about to commit a patch that provides a prototype implementation of
sprintf; this leads to a new false positive on the attached:

pcre2test.c: In function 'format_list_item':
pcre2test.c:4448:21: warning: use of uninitialized value '*ff_44(D) + _2' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 4448 |   for (count = 0; ff[count] >= 0; count++) {
      |                   ~~^~~~~~~
  'main': events 1-12
    |
    | 4565 | main(int argc, char** argv)
    |      | ^~~~
    |      | |
    |      | (1) entry to 'main'
    |......
    | 4579 |   while (argc > 1 && argv[op][0] == '-' && argv[op][1] != 0) {
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                         |
    |      |                                         (2) following 'true' branch...
    |      |                                         (8) following 'true' branch...
    | 4580 |     /* [...snip...] */
    | 4581 |     char* arg = argv[op];
    |      |           ~
    |      |           |
    |      |           (3) ...to here
    |      |           (9) ...to here
    |......
    | 4585 |     if (strcmp(arg, "-LP") == 0) {
    |      |        ~
    |      |        |
    |      |        (4) following 'false' branch (when the strings are non-equal)...
    |      |        (10) following 'true' branch (when the strings are equal)...
    | 4586 |       display_properties(0);
    |      |       ~~~~~~~~~~~~~~~~~~~~~
    |      |       |
    |      |       (11) ...to here
    |      |       (12) calling 'display_properties' from 'main'
    |......
    | 4592 |     if (strcmp(arg, "-8") == 0) {
    |      |        ~~~~~~~~~~~~~~~~~~
    |      |        ||
    |      |        |(5) ...to here
    |      |        (6) following 'true' branch (when the strings are equal)...
    | 4593 |       test_mode = 8;
    |      |       ~~~~~~~~~~~~~
    |      |                 |
    |      |                 (7) ...to here
    |
    +--> 'display_properties': events 13-25
           |
           | 4481 | display_properties(BOOL wantscripts)
           |      | ^~~~~~~~~~~~~~~~~~
           |      | |
           |      | (13) entry to 'display_properties'
           |......
           | 4487 |   int16_t found[256][5 + 1];
           |      |           ~~~~~
           |      |           |
           |      |           (14) region created on stack here
           |......
           | 4492 |   if (wantscripts) {
           |      |      ~
           |      |      |
           |      |      (15) following 'false' branch (when 'wantscripts == 0')...
           |......
           | 4496 |     n = ucp_Bprop_Count;
           |      |     ~~~~~~~~~~~~~~~~~~~
           |      |       |
           |      |       (16) ...to here
           |......
           | 4500 |   for (size_t i = 0; i < utt_size; i++) {
           |      |                      ~~~~~~~~~~~~
           |      |                        |
           |      |                        (17) following 'true' branch...
           | 4501 |     int k;
           | 4502 |     int m = 0;
           |      |         ~
           |      |         |
           |      |         (18) ...to here
           |......
           | 4507 |     if (wantscripts) {
           |      |        ~
           |      |        |
           |      |        (19) following 'false' branch (when 'wantscripts == 0')...
           |......
           | 4511 |     if (t->type != 13)
           |      |        ~~~~~~~~
           |      |        | |
           |      |        | (20) ...to here
           |      |        (21) following 'true' branch...
           |      |        (22) ...to here
           |......
           | 4544 |   for (int k = 0; k < (n + 1) / 2; k++) {
           |      |                   ~~~~~~~~~~~~~~~
           |      |                     |
           |      |                     (23) following 'true' branch...
           |......
           | 4549 |     format_list_item(found[k], buff1, wantscripts);
           |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |     |                     |
           |      |     |                     (24) ...to here
           |      |     (25) calling 'format_list_item' from 'display_properties'
           |
           +--> 'format_list_item': events 26-27
                  |
                  | 4441 | format_list_item(int16_t* ff, char* buff, BOOL isscript)
                  |      | ^~~~~~~~~~~~~~~~
                  |      | |
                  |      | (26) entry to 'format_list_item'
                  |......
                  | 4448 |   for (count = 0; ff[count] >= 0; count++) {
                  |      |                   ~~~~~~~~~
                  |      |                     |
                  |      |                     (27) use of uninitialized value '*ff_44(D) + _2' here
                  |