public inbox for gcc-bugs@sourceware.org
From: "redi at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized
Date: Fri, 12 May 2023 09:00:47 +0000
Message-ID: <bug-109789-4-GDGJg1ckeA@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-109789-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #5)
> float dsp_abs_max(float *buf, size_t size) {
>   for (size_t i = 0; i < size; i++)
>     if (fabsf(buf[i]) > 1e-20f)
>       dsp_abs_max_ret = fabsf(buf[i]);
>   return dsp_abs_max_ret;
> }
> void export_audio(int nframes, float init, int count) {
>   do {
>     float tmp_l[nframes];
>     for (int i = 0; i < nframes; i++)
>       tmp_l[i] = init;
>     float max_amp = dsp_abs_max(tmp_l, nframes);

I think the problem is that nframes is signed int and is converted to size_t
when calling this function. The analyzer is complaining that if nframes is
negative, then you'll get a very large size_t and the loop inside dsp_abs_max
will read more variables than were init'd.

Of course if nframes is negative, the program has undefined behaviour anyway,
C17 6.7.6.2 says "each time it is evaluated
it shall have a value greater than zero".

So I think the analyzer should assume the size is greater than zero, or warn
about *that* possibility, at the point of the array declaration.

If you add this to export_audio() then there's no analyzer warning:

  if (nframes < 1)
    return;
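The following is an added example, not code from the bug report or from the project it came from. It shows the two halves of the point above in runnable form: `frames_as_size()` makes the int-to-size_t conversion visible (a negative frame count wraps to SIZE_MAX, which is why the analyzer thinks the loop can run past the initialized elements), and the hypothetical `export_audio_checked()` applies the `nframes < 1` guard before the VLA declaration and before the conversion, so neither the C17 6.7.6.2 requirement nor the size_t loop bound can be violated. `dsp_abs_max()` here is my own simplified version with a local result variable (the quoted code uses a file-scope one); a libm-free `absf()` is used so the example builds without `-lm`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The conversion the analyzer is worried about: a negative int passed to a
 * size_t parameter wraps modulo 2^N, so -1 becomes SIZE_MAX. */
size_t frames_as_size(int nframes) {
    return (size_t)nframes;
}

/* Local replacement for fabsf() so the example needs no libm. */
static float absf(float x) { return x < 0.0f ? -x : x; }

/* Largest magnitude above the threshold, or 0.0f if no sample exceeds it.
 * Simplified version for this example, not the bug report's function. */
float dsp_abs_max(const float *buf, size_t size) {
    float ret = 0.0f;
    for (size_t i = 0; i < size; i++) {
        float a = absf(buf[i]);
        if (a > 1e-20f && a > ret)
            ret = a;
    }
    return ret;
}

/* Hypothetical checked variant of export_audio(): reject nframes < 1 before
 * it is used as a VLA bound (C17 6.7.6.2 requires a value greater than zero)
 * and before it is converted to size_t for dsp_abs_max().
 * Returns 0 and stores the peak in *max_out, or -1 if nframes is invalid. */
int export_audio_checked(int nframes, float init, float *max_out) {
    if (nframes < 1)
        return -1;                  /* the guard that silences the analyzer */
    float tmp_l[nframes];           /* VLA: bound is now known to be positive */
    for (int i = 0; i < nframes; i++)
        tmp_l[i] = init;            /* every element the callee reads is initialized */
    *max_out = dsp_abs_max(tmp_l, (size_t)nframes);  /* conversion cannot wrap */
    return 0;
}

int main(void) {
    float peak = 0.0f;
    printf("(size_t)-1 = %zu\n", frames_as_size(-1));
    printf("export_audio_checked(-1): %d\n", export_audio_checked(-1, 0.5f, &peak));
    if (export_audio_checked(8, -0.75f, &peak) == 0)
        printf("export_audio_checked(8): peak %f\n", peak);
    return 0;
}
```

Compiling the unguarded shape with `gcc -fanalyzer` reproduces the warning discussed in the thread; with the guard in place the analyzer can prove the loop in `dsp_abs_max()` stays within the initialized elements.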


Thread overview: 9+ messages
2023-05-09 12:44 [Bug c/109789] New: analyzer-use-of-uninitialized-value false positive alex at zrythm dot org
2023-05-09 12:49 ` [Bug c/109789] " alex at zrythm dot org
2023-05-12  3:13 ` [Bug analyzer/109789] " alex at zrythm dot org
2023-05-12  3:16 ` alex at zrythm dot org
2023-05-12  3:17 ` alex at zrythm dot org
2023-05-12  8:51 ` [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized redi at gcc dot gnu.org
2023-05-12  9:00 ` redi at gcc dot gnu.org [this message]
2023-05-12  9:26 ` redi at gcc dot gnu.org
2023-05-12  9:32 ` redi at gcc dot gnu.org
