From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=P/l5=GX=nifty.ne.jp=takashi.yano@sourceware.org>
Received: from dmta0010.nifty.com (mta-snd00006.nifty.com [106.153.226.38])
	by sourceware.org (Postfix) with ESMTPS id CC8C93858C20
	for <newlib@sourceware.org>; Fri, 10 Nov 2023 15:59:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CC8C93858C20
Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=nifty.ne.jp
Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=nifty.ne.jp
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CC8C93858C20
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=106.153.226.38
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699631974; cv=none;
	b=rbNofjhQE5dkR//+I9OqpuCsez1uSRofGztt06rB5fXvaZB1LQfTLC5mVUUWRulzxbRJqAS5tcPFPPorBGyMP87rFIVDQae2gymOjTxxLh6gZJUeIMiS7iOhVxNCBQRzTy0gWPNs/eQfvCxs9tY7MTBM/VQi5IaDfhCdGvgv1pY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1699631974; c=relaxed/simple;
	bh=GfX63F6UVQV3M62Yaj2iNCI05g5eh0bWycHK/sl0tJM=;
	h=Date:From:To:Subject:Message-Id:Mime-Version; b=hQ1t9U9gLRGum8biqY1DpnuoAgOPfg/1Scu1iuSaZ4OVZhwt1Yh3iRx3VTpwKixOEXMiSwTzloRCi/0Bm6ieHbgt7EkH0LxDc40NiSPEnnB7ynfUPtbGSZE2nOnNsCOy3a94EC0yCsA9WurDy/w6A2TNYTJh34semYpNSyUGOuk=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from HP-Z230 by dmta0010.nifty.com with ESMTP
          id <20231110155929598.SFRJ.108497.HP-Z230@nifty.com>
          for <newlib@sourceware.org>; Sat, 11 Nov 2023 00:59:29 +0900
Date: Sat, 11 Nov 2023 00:59:30 +0900
From: Takashi Yano <takashi.yano@nifty.ne.jp>
To: newlib@sourceware.org
Subject: Re: Coverity Scan: Analysis completed for RTEMS-Newlib
Message-Id: <20231111005930.0e9c21b8ff70b2160413e7a5@nifty.ne.jp>
In-Reply-To: <20231111005515.6e77d27ca9a5dfa3946fde28@nifty.ne.jp>
References: <654dcb688da84_69bd52d4ed1e699a037313@prd-scan-dashboard-0.mail>
	<CAF9ehCWYLfa8RKNLN=HZZFbifH4gpoTOs1ycsiBGOfN58jpReg@mail.gmail.com>
	<ZU5M4PUCpTBiQIhY@calimero.vinschen.de>
	<20231111005515.6e77d27ca9a5dfa3946fde28@nifty.ne.jp>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-5.2 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <newlib.sourceware.org>

On Sat, 11 Nov 2023 00:55:15 +0900
Takashi Yano wrote:
> On Fri, 10 Nov 2023 16:31:44 +0100
> Corinna Vinschen wrote:
> > On Nov 10 08:50, Joel Sherrill wrote:
> > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > > added in the last commits. They appear to be the same issue I just
> > > forwarded but in different scanf variants.
> > > 
> > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > __ssvfiscanf_r. [show details
> > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
> > > ]
> > 
> > Looks like a false positive.
> > 
> > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > will check the value.
> 
> Perhaps, this happens because other bits of _flags2 than __SWID is not
> initialized.
> 
> Which is better solution do you think?
> (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1.
> (2) Initialize f._flags2 = 0 in sscanf() family.

Ah, this problem will also occur for sprintf() family. So it seems that
(1) is easier becase f._file = -1 is set at 41 places.

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>