From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 0E1923858426; Fri, 12 May 2023 09:00:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0E1923858426 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1683882048; bh=0mSjUgwE950RCjukCTQwmcFtfL3JZds2ZIN3ToydaaQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=VKoH1AErKA+b2SAksJvjmWGy4+dYYL5cDXp0ZQmAgIQ9/hV5PPlycm2qgHPf6G6tM 4abmfj7xrbRaoZeZWM2cuF4cTx7zlpAFfvR6sv12/QwhvpN3uNTVYRXXVjzBqBbojm JpV2jsanlxfyybZA02JNcFw7x1JlA5kvfk2+gyNE= From: "redi at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug analyzer/109789] analyzer-use-of-uninitialized-value false positive inside function when array passed to the function is pre-initialized Date: Fri, 12 May 2023 09:00:47 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: analyzer X-Bugzilla-Version: 13.1.1 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: redi at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: dmalcolm at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109789 --- Comment #6 from Jonathan Wakely --- (In reply to Jonathan Wakely from comment #5) > float dsp_abs_max(float *buf, size_t size) { > for (size_t i =3D 0; i < size; i++) > if (fabsf(buf[i]) > 1e-20f) > dsp_abs_max_ret =3D fabsf(buf[i]); > return dsp_abs_max_ret; > } > void export_audio(int nframes, float init, int count) { > do { > float tmp_l[nframes]; > for (int i =3D 0; i < nframes; i++) > tmp_l[i] =3D init; > float max_amp =3D dsp_abs_max(tmp_l, nframes); I think the problem is that frames is signed int and is converted to size_t when calling this function. The analyzer is complaining that if nframes is negative, then you'll get a very large size_t and the loop inside dsp_abs_m= ax will read more variables than were init'd. Of course if nframes is negative, the program has undefined behaviour anywa= y, C17 6.7.6.2 says "each time it is evaluated it shall have a value greater than zero". So I think the analyzer should assume the size is greater than zero, or warn about *that* possibility, at the point of the array declaration. If you add this to export_audio() then there's no analyzer warning: if (nframes < 1) return;=