https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90624
Bug ID: 90624 Summary: nt_spawnve() may use stack variable escape_char uninitialized (in gcc/ada/terminals.c) Product: gcc Version: 9.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: ada Assignee: unassigned at gcc dot gnu.org Reporter: adamrichter4 at gmail dot com CC: adamrichter4 at gmail dot com Target Milestone: --- cppcheck noticed that, in pristine gcc-9.1.0 from ftp.gnu.org, in the file gcc-9.1.0/gcc/ada/terminals.c, the static function nt_spawnve contains a local variable escape_char that appears to be used in some string processing without its value ever being set. I believe that the value of escape_char is actually never set, because the static variable Vw32_quote_process_args is always zero. I have not attempted to build gcc-9.1.0 with Ada enabled, because I am basically just trying cppcheck on a bunch of different source trees. However, I have installed gcc-9.1.0 and could try building the Ada support if that would really help with processing of this bug report. I do not have a proposed patch at this point because I am not sure what value escape_char should default to. My guess is '\\'. The public function __gnat_setup_child_communication is the only function that calls nt_spawnve. __gnat_setup_child_communication does not appear to be called by anything in the gcc source tree, so I am guessing that this is some for some runtime support library similar to libgcc. Thanks for considering this report of a possible bug.