public inbox for gcc-bugs@sourceware.org
From: "eggert at cs dot ucla.edu" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109628] New: -Wanalyzer-use-of-uninitialized-value false positive on static storage
Date: Tue, 25 Apr 2023 22:17:08 +0000
Message-ID: <bug-109628-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109628

            Bug ID: 109628
           Summary: -Wanalyzer-use-of-uninitialized-value false positive
                    on static storage
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: eggert at cs dot ucla.edu
  Target Milestone: ---

Created attachment 54919
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54919&action=edit
compile with "gcc -fanalyzer -S" to reproduce the bug

I ran into this problem when compiling GNU coreutils fmt.c. This is with gcc
(GCC) 13.0.1 20230401 (Red Hat 13.0.1-0) on x86-64. Compile the attached
program with:

gzip -d u.i.gz
gcc -fanalyzer -S u.i

GCC outputs the following diagnostic which is a false positive because 'this'
points to the static array unused_word_type, and static storage by definition
is initialized.

        u.i: In function ‘base_cost’:
        u.i:5950:7: warning: use of uninitialized value ‘((unsigned char*)&*this)[16]’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
         5950 |   if (this->paren)
              |       ^~~~
          ‘fmt_paragraph’: events 1-4
            |
            | 5894 | fmt_paragraph (void)
            |      | ^~~~~~~~~~~~~
            |      | |
            |      | (1) entry to ‘fmt_paragraph’
            |......
            | 5903 |   for (start = word_limit - 1; start >= unused_word_type; start--)
            |      |                                ~~~~~~~~~~~~~~~~~~~~~~~~~
            |      |                                      |
            |      |                                      (2) following ‘true’ branch...
            | 5904 |     {
            | 5905 |       best = ((COST) (! (! ((COST) 0 < (COST) -1)) ? (COST) -1 : ((((COST) 1 << ((sizeof (COST) * 8
            |      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            |      |            |
            |      |            (3) ...to here
            | 5906 |             ) - 2)) - 1) * 2 + 1)));
            |      |             ~~~~~~~~~~~~~~~~~~~~~~~
            |......
            | 5913 |           wcost = line_cost (w, len) + w->best_cost;
            |      |                   ~~~~~~~~~~~~~~~~~~
            |      |                   |
            |      |                   (4) calling ‘line_cost’ from ‘fmt_paragraph’
            |
            +--> ‘line_cost’: events 5-7
                   |
                   | 5957 | line_cost (WORD *next, int len)
                   |      | ^~~~~~~~~
                   |      | |
                   |      | (5) entry to ‘line_cost’
                   |......
                   | 5961 |   if (next == word_limit)
                   |      |      ~
                   |      |      |
                   |      |      (6) following ‘true’ branch...
                   | 5962 |     return 0;
                   |      |            ~
                   |      |            |
                   |      |            (7) ...to here
                   |
            <------+
            |
          ‘fmt_paragraph’: events 8-9
            |
            | 5913 |           wcost = line_cost (w, len) + w->best_cost;
            |      |                   ^~~~~~~~~~~~~~~~~~
            |      |                   |
            |      |                   (8) returning to ‘fmt_paragraph’ from ‘line_cost’
            |......
            | 5922 |           if (w == word_limit)
            |      |              ~     
            |      |              |
            |      |              (9) following ‘true’ branch...
            |
          ‘fmt_paragraph’: event 10
            |
            |cc1:
            | (10): ...to here
            |
          ‘fmt_paragraph’: event 11
            |
            | 5927 |       start->best_cost = best + base_cost (start);
            |      |                                 ^~~~~~~~~~~~~~~~~
            |      |                                 |
            |      |                                 (11) calling ‘base_cost’ from ‘fmt_paragraph’
            |
            +--> ‘base_cost’: events 12-13
                   |
                   | 5932 | base_cost (WORD *this)
                   |      | ^~~~~~~~~
                   |      | |
                   |      | (12) entry to ‘base_cost’
                   |......
                   | 5950 |   if (this->paren)
                   |      |       ~~~~
                   |      |       |
                   |      |       (13) use of uninitialized value ‘((unsigned char*)&*this)[16]’ here
                   |
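
The language rule the report relies on, shown as an added example that is not part of the original message or the attached reproducer: an object with static storage duration and no initializer starts zeroed, so a flag read through a pointer into it is a read of 0, not of indeterminate data. The type `struct word`, the array `words`, `NWORDS`, `flags_set` and `total_cost` are constructed for illustration; only the names `base_cost`, `paren` and `best_cost` are taken from the diagnostic.

```c
#include <stdio.h>

/* Constructed stand-in for the WORD type named in the diagnostic. The layout
   is an assumption: on LP64 the bit-field starts at byte 16. */
struct word {
    const char *text;
    int length;
    int space;
    unsigned int paren : 1;
    long best_cost;
};

#define NWORDS 8

/* Static storage duration and no initializer: C11 6.7.9p10 requires pointers
   to start null and arithmetic members (bit-fields included) to start at 0. */
static struct word words[NWORDS];

/* Same shape as the flagged read: branch on a flag through a pointer. */
static long base_cost(const struct word *this) {
    long cost = 1;
    if (this->paren)
        cost += 100;
    return cost;
}

/* Count elements whose flag is set before anything has written to the array. */
int flags_set(void) {
    int n = 0;
    for (size_t i = 0; i < NWORDS; i++)
        n += words[i].paren;
    return n;
}

/* Walk the array from the last element down, as the loop in the trace does
   (index form, so no pointer is formed before the start of the array). */
long total_cost(void) {
    long total = 0;
    for (size_t i = NWORDS; i-- > 0;) {
        words[i].best_cost = base_cost(&words[i]);
        total += words[i].best_cost;
    }
    return total;
}

int main(void) {
    printf("flags set: %d, total cost: %ld\n", flags_set(), total_cost());
    return 0;
}
```

The same read from an automatic `struct word` declared without an initializer would be a genuine CWE-457 finding; the storage class is what separates the two cases.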
