Hi, I'm analyzing the results of SAST reports (combination of coverity,snyk,cppcheck,gcc,clang,shellcheck,unicontrol), and from 20 findings I identified a few that might be a true positive.
However, I would like to ask you for the help to resolve it, as I'm not 100% aware of the code internals. I've already created an issue [1] to the man-db GitLab repository, but I was asked to raise it here as it's a more relevant place. It's basically one (possible) bug, which affects multiple places in the code. Here is the original report: ``` Error: UNINIT (CWE-457): man-db-2.12.0/gl/lib/gl_anytree_list2.h:584: var_decl: Declaring variable "result" without initializer. man-db-2.12.0/gl/lib/gl_anytree_list2.h:603: uninit_use: Using uninitialized value "result". Field "result.count" is uninitialized. # 601| #endif # 602| # 603|-> return result; # 604| } # 605| ``` >From my analysis, I believe that if the `GCC_LINT` or `lint` macros are not defined, the elements `i`, `j`, and `count` from the `gl_map_iterator_t` struct are not initialized (which could cause an undefined behavior). I checked the build logs [1] on how we build it in Fedora/RHEL and I didn't find any of these two macros in the logs. What do you think about this bug? Thank you so much for the feedback and help. [1] https://gitlab.com/man-db/man-db/-/issues/42#note_2050673094 [2] https://kojipkgs.fedoraproject.org//packages/man-db/2.12.1/2.fc41/data/logs/x86_64/build.log -- S pozdravom/ Best regards Lukáš Javorský Senior Software Engineer, Core service - Databases Red Hat Purkyňova 115 (TPB-C) 612 00 Brno - Královo Pole [email protected]
