NagyDonat wrote: I looked at a few of the analysis reports together with Endre (= @gamesh411) and we found that:

- Some previously undiagnosed reports [[1]](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?review-status=Unreviewed&review-status=Confirmed%20bug&detection-status=New&detection-status=Reopened&detection-status=Unresolved&is-unique=off&diff-type=New&checker-name=alpha.unix.cstring.UninitializedRead&report-hash=f63c20f3eeeacd8ad0db2f2564b22cd6&report-id=8062595&report-filepath=ffmpeg%2Flibavcodec%2Fcinepakenc.c) [[2]](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?review-status=Unreviewed&review-status=Confirmed%20bug&detection-status=New&detection-status=Reopened&detection-status=Unresolved&is-unique=off&diff-type=New&checker-name=alpha.unix.cstring.UninitializedRead&report-hash=72cb8095e75a6bae117bd597147ef673&report-id=8062828&report-filepath=ffmpeg%2Flibavcodec%2Fmotion_est_template.c) are actually true positives because the code copies a buffer which is partially uninitialized. (It also saves the size of the initialized segment, so it won't actually read from the uninitialized part; but still, the thing reported by the checker does happen.)
- We found a small [false positive](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?review-status=Unreviewed&review-status=Confirmed%20bug&detection-status=New&detection-status=Reopened&detection-status=Unresolved&is-unique=off&diff-type=New&checker-name=alpha.unix.cstring.UninitializedRead&report-hash=46a6ca7504f89736bb12fdeca2c32b4a&report-id=8061076&report-filepath=sqlite%2Fsqlite3.c) which [we were able to reproduce](https://godbolt.org/#g:!((g:!((g:!((h:codeEditor,i:(filename:%271%27,fontScale:14,fontUsePx:%270%27,j:1,lang:c%2B%2B,selection:(endColumn:18,endLineNumber:1,positionColumn:18,positionLineNumber:1,selectionStartColumn:18,selectionStartLineNumber:1,startColumn:18,startLineNumber:1),source:%27%23include+%3Ccstring%3E%0Atypedef+long+long+i64%3B%0Atypedef+unsigned+long+long+u64%3B%0Avoid+foo(i64+v,+char+*zOut)+%7B%0A++++int+i%3B%0A++++u64+x%3B%0A++++char+zTemp%5B22%5D%3B%0A++++if+(v%3C0)%0A++++++return%3B%0A++++else%0A++++++x+%3D+v%3B%0A++++i+%3D+sizeof(zTemp)+-+2%3B%0A++++zTemp%5Bsizeof(zTemp)-1%5D+%3D+0%3B%0A++++while+(1)+%7B%0A++++++++zTemp%5Bi%5D+%3D+(x%2510)+%2B+!%270!%27%3B%0A++++++++x+%3D+x+/+10%3B%0A++++++++if+(x+%3D%3D+0)+break%3B%0A++++++++i--%3B%0A++++%7D%0A++++if+(v+%3C+0)%0A++++++zTemp%5B--i%5D+%3D+!%27-!%27%3B%0A++++memcpy(zOut,+%26zTemp%5Bi%5D,+sizeof(zTemp)-i)%3B%0A%7D%27),l:%275%27,n:%270%27,o:%27C%2B%2B+source+%231%27,t:%270%27)),k:44.94424939528422,l:%274%27,n:%270%27,o:%27%27,s:0,t:%270%27),(g:!((g:!((h:compiler,i:(compiler:clang_trunk,filters:(b:%270%27,binary:%271%27,binaryObject:%271%27,commentOnly:%270%27,debugCalls:%271%27,demangle:%271%27,directives:%270%27,execute:%271%27,intel:%271%27,libraryCode:%270%27,trim:%271%27,verboseDemangling:%270%27),flagsViewOpen:%271%27,fontScale:14,fontUsePx:%270%27,j:1,lang:c%2B%2B,libs:!((name:boost,ver:%27178%27),(name:outcome,ver:trunk)),options:%27--analyze+-Xclang+-analyzer-checker+-Xclang+alpha.unix.cstring.UninitializedRead%27,overrides:!(),selection:(endColumn:1,endLineNumber:1,positionColumn:1,positionLineNumber:1,selectionStartColumn:1,selectionStartLineNumber:1,startColumn:1,startLineNumber:1),source:1),l:%275%27,n:%270%27,o:%27+x86-64+clang+(trunk)+(Editor+%231)%27,t:%270%27)),header:(),k:55.05575060471577,l:%274%27,m:50,n:%270%27,o:%27%27,s:0,t:%270%27),(g:!((h:output,i:(compilerName:%27x86-64+clang+(trunk)%27,editorid:1,fontScale:14,fontUsePx:%270%27,j:1,wrap:%271%27),l:%275%27,n:%270%27,o:%27Output+of+x86-64+clang+(trunk)+(Compiler+%231)%27,t:%270%27)),header:(),l:%274%27,m:50,n:%270%27,o:%27%27,s:0,t:%270%27)),k:55.05575060471577,l:%273%27,n:%270%27,o:%27%27,t:%270%27)),l:%272%27,n:%270%27,o:%27%27,t:%270%27)),version:4) in godbolt. This is a regression that wasn't present in clang 22.1; Endre is working on fixing it right now.

Endre is also working on changing the "was initialized here" message to "was left uninitialized here" in the notes. We will revisit this PR (and the inspection of the rest of the analysis results) when Endre is done with these two subtasks.

https://github.com/llvm/llvm-project/pull/196292

cfe-commits mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
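As an added example, not code from the PR, from sqlite3, or from the analyzer: the digit-formatting pattern from the godbolt reproducer above, rewritten in C with every store into `zTemp` routed through a shadow map, so a plain run shows which of the bytes `memcpy` reads were ever written. The tail copy the reproducer performs (`&zTemp[i]`, `sizeof(zTemp)-i`) touches zero unwritten bytes, which is why that report is a false positive; copying the whole buffer from offset 0, the shape of a copy over a partially uninitialized buffer like the true positives above, reads the unwritten prefix. The names `traced_buf`, `copy_tail`, `copy_whole` and the wrappers are assumptions made for this harness.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef long long i64;
typedef unsigned long long u64;

#define ZTEMP_LEN 22  /* sizeof(zTemp) in the reproducer */

/* zTemp plus one shadow byte per element: shadow[k] becomes 1 once data[k]
   has been written. Added here for illustration; not part of sqlite3 or of
   the analyzer. */
struct traced_buf {
    char data[ZTEMP_LEN];
    unsigned char shadow[ZTEMP_LEN];
};

static void traced_store(struct traced_buf *b, size_t k, char c) {
    b->data[k] = c;
    b->shadow[k] = 1;
}

/* memcpy(dst, &b->data[off], n) that also counts how many of the n source
   bytes were never written. A nonzero count is the run-time counterpart of an
   alpha.unix.cstring.UninitializedRead report for that memcpy. */
static size_t traced_copy(char *dst, const struct traced_buf *b, size_t off, size_t n) {
    size_t uninit = 0;
    for (size_t k = 0; k < n; k++) {
        if (!b->shadow[off + k])
            uninit++;
        dst[k] = b->data[off + k];
    }
    return uninit;
}

/* The digit loop from the reproducer: writes the decimal form of v right
   aligned in zTemp, terminated by zTemp[ZTEMP_LEN-1] = 0, and returns the
   index i of the first written byte. Bytes [0, i) are left unwritten. */
static int fill_digits(struct traced_buf *zTemp, i64 v) {
    u64 x = (u64)v;
    int i = ZTEMP_LEN - 2;
    traced_store(zTemp, ZTEMP_LEN - 1, 0);
    while (1) {
        traced_store(zTemp, (size_t)i, (char)((x % 10) + '0'));
        x = x / 10;
        if (x == 0)
            break;
        i--;
    }
    if (v < 0) {  /* unreachable after the callers' early return; kept from the reproducer */
        --i;
        traced_store(zTemp, (size_t)i, '-');
    }
    return i;
}

/* What the reproducer does: memcpy(zOut, &zTemp[i], sizeof(zTemp)-i).
   Returns the number of unwritten bytes the copy read; *out_len receives the
   number of bytes copied. */
size_t copy_tail(i64 v, char *zOut, size_t *out_len) {
    struct traced_buf zTemp = {{0}, {0}};
    if (v < 0) {            /* early return from the reproducer */
        *out_len = 0;
        return 0;
    }
    int i = fill_digits(&zTemp, v);
    *out_len = ZTEMP_LEN - (size_t)i;
    return traced_copy(zOut, &zTemp, (size_t)i, *out_len);
}

/* Contrast case: copy the whole buffer from offset 0, i.e. a copy over a
   partially uninitialized buffer. The count is nonzero for every input. */
size_t copy_whole(i64 v, char *zOut, size_t *out_len) {
    struct traced_buf zTemp = {{0}, {0}};
    if (v < 0) {
        *out_len = 0;
        return 0;
    }
    (void)fill_digits(&zTemp, v);
    *out_len = ZTEMP_LEN;
    return traced_copy(zOut, &zTemp, 0, ZTEMP_LEN);
}

/* Single-value wrappers for checking one input at a time. */
size_t tail_uninit_bytes(i64 v) { char out[ZTEMP_LEN]; size_t n; return copy_tail(v, out, &n); }
size_t whole_uninit_bytes(i64 v) { char out[ZTEMP_LEN]; size_t n; return copy_whole(v, out, &n); }

/* 1 if copy_tail produces exactly the NUL-terminated string expected. */
int tail_formats_as(i64 v, const char *expected) {
    char out[ZTEMP_LEN];
    size_t n;
    copy_tail(v, out, &n);
    return n == strlen(expected) + 1 && memcmp(out, expected, n) == 0;
}

int main(void) {
    i64 samples[] = {0, 7, 12345, 9223372036854775807LL};  /* constructed inputs */
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%lld: tail copy reads %zu unwritten bytes, whole copy reads %zu\n",
               samples[k], tail_uninit_bytes(samples[k]), whole_uninit_bytes(samples[k]));
    return 0;
}
```

The shadow map only models the initialization state the checker reasons about; it does not say anything about why the analyzer's own path exploration misjudges this case, which is the regression the message says is being fixed.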
