public inbox for gcc-bugs@sourceware.org

* [Bug c/111394] New: Warning about uninitialized memory that is actually initialized
From: aiya64bits at gmail dot com @ 2023-09-12 18:52 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111394

            Bug ID: 111394
           Summary: Warning about uninitialized memory that is actually initialized
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: aiya64bits at gmail dot com
  Target Milestone: ---

#include <stdio.h>
#include <stdlib.h>

int memoized_cut_rod_aux(const int p[], int n, int c, int r[])
{
    if (r[n] >= 0)
        return r[n];

    int q = p[n - 1];

    if (!n) {
        q = 0;
    } else {
        for (int i = 1; i <= n / 2; ++i) {
            const int v = p[i - 1] + memoized_cut_rod_aux(p, n - i, c, r) - c;
            if (v > q)
                q = v;
        }
    }

    r[n] = q;
    return q;
}

int memoized_cut_rod(const int p[], int n, int c)
{
    int result;
    int *const r = malloc((n + 1) * sizeof(int));

    if (!r) {
        fprintf(stderr, "Out of memory.\n");
        exit(1);
    }

    for (int i = 0; i < n + 1; ++i)
        r[i] = -1;

    result = memoized_cut_rod_aux(p, n, c, r);
    free(r);
    return result;
}

The above code when compiled with "gcc -Wall -O3 -o rod_cutting rod_cutting.c"
gives the following warning:

In function ‘memoized_cut_rod_aux’,
    inlined from ‘memoized_cut_rod’ at rod_cutting.c:95:17:
rod_cutting.c:59:14: warning: ‘*r_30 + _122’ may be used uninitialized [-Wmaybe-uninitialized]
   59 |         if (r[n] >= 0)
      |             ~^~~

But all the elements of r are initialized to -1 in the loop in
memoized_cut_rod.

I got this warning with GCC 13.2.1 and then got the same warning with the trunk
branch.

* [Bug c/111394] Warning about uninitialized memory that is actually initialized
From: pinskia at gcc dot gnu.org @ 2023-09-12 20:16 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111394

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
N could be -1 which then would access out of bounds ..

I suspect if you add a check for n being negative in memoized_cut_rod the
warning will go away and a security issue is solved too.

* [Bug tree-optimization/111394] Warning about uninitialized memory that is actually initialized
From: pinskia at gcc dot gnu.org @ 2023-09-12 21:18 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111394

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Adding:
  if (n < 0) exit(1);

Or:
  if (n < 0) __builtin_unreachable();

Fixes the warning.

Yes the warning could be slightly better but it is definitely a bug in your
code if you are not checking the input ...

* [Bug tree-optimization/111394] Warning about uninitialized memory that is actually initialized
From: aiya64bits at gmail dot com @ 2023-09-12 21:55 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111394

Sayu <aiya64bits at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|INVALID                     |---

--- Comment #3 from Sayu <aiya64bits at gmail dot com> ---
(In reply to Andrew Pinski from comment #1)
> N could be -1 which then would access out of bounds ..
>
> I suspect if you add a check for n being negative in memoized_cut_rod the
> warning will go away and a security issue is solved too.

I see. I didn't realize that negative indexes are allowed in C, I always
assumed it was undefined behavior or just invalid. However, what does "*r_30
+ _122" mean in the warning?

* [Bug tree-optimization/111394] Warning about uninitialized memory that is actually initialized
From: pinskia at gcc dot gnu.org @ 2023-09-12 22:04 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111394

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Sayu from comment #3)
> (In reply to Andrew Pinski from comment #1)
> > N could be -1 which then would access out of bounds ..
> >
> > I suspect if you add a check for n being negative in memoized_cut_rod the
> > warning will go away and a security issue is solved too.
>
> I see. I didn't realize that negative indexes are allowed in C, I always
> assumed it was undefined behavior or just invalid. However, what does "*r_30
> + _122" mean in the warning?

well for pointers it is not undefined. Just in this case it is being allocated
via malloc which does make it undefined. But that is the whole reason for the
warning.

The trunk gives:
In function 'memoized_cut_rod_aux',
    inlined from 'memoized_cut_rod' at <source>:34:14:
<source>:5:10: warning: '*<unknown>' may be used uninitialized [-Wmaybe-uninitialized]
    5 |     if (r[n] >= 0)
      |         ~^~~

Which was fixed by PR 111253.

But yes this is warning about r being used as not being initialized in the case
n in memoized_cut_rod being negative and accessing r[n] here.

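The input check discussed in comments #1 and #2, as an added example that is not part of the original thread or of GCC: the reporter's rod-cutting routine with n validated before r is allocated and indexed. The names checked_cut_rod and cut_rod_aux and the 0 / -1 return convention are assumptions; the example goes beyond the thread by also reading p[n - 1] only when n >= 1 and by checking the allocation size.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Precondition (caller-enforced): 0 <= n, r has n + 1 slots, p has n prices. */
static int cut_rod_aux(const int p[], int n, int c, int r[])
{
    if (r[n] >= 0)
        return r[n];
    int q = 0;
    if (n > 0) {
        q = p[n - 1];            /* read p[n - 1] only once n >= 1 is known */
        for (int i = 1; i <= n / 2; ++i) {
            const int v = p[i - 1] + cut_rod_aux(p, n - i, c, r) - c;
            if (v > q)
                q = v;
        }
    }
    r[n] = q;
    return q;
}

/* Hypothetical wrapper: 0 and result in *out, or -1 on bad input / no memory. */
int checked_cut_rod(const int p[], int n, int c, int *out)
{
    if (p == NULL || out == NULL || n < 0)   /* the check from comment #1 */
        return -1;
    const size_t count = (size_t)n + 1;      /* cannot wrap: n >= 0 here */
    if (count > SIZE_MAX / sizeof(int))      /* byte count would overflow */
        return -1;
    int *const r = malloc(count * sizeof *r);
    if (r == NULL)
        return -1;
    for (size_t i = 0; i < count; ++i)
        r[i] = -1;
    *out = cut_rod_aux(p, n, c, r);
    free(r);
    return 0;
}

int main(void)
{
    static const int prices[] = {1, 5, 8, 9, 10};   /* constructed sample */
    int best = 0;
    int rc = checked_cut_rod(prices, 4, 0, &best);
    printf("n=4:  rc=%d best=%d\n", rc, best);
    printf("n=-1: rc=%d\n", checked_cut_rod(prices, -1, 0, &best));
    return 0;
}
```

Returning an error code instead of calling exit(1) leaves the decision about a rejected n to the caller.
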