https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104369
Bug ID: 104369
Summary: False positive from -Wanalyzer-use-of-uninitialized-value with realloc moving buffer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

Created attachment 52343
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52343&action=edit
Reduced reproducer

The attached reproducer emits two false positives from
-Wanalyzer-use-of-uninitialized-value, both "when 'realloc' succeeds, moving
buffer", the first of which is:

<source>: In function 'main':
<source>:79:34: warning: use of uninitialized value '*pollfds.fd' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   79 |       pollfds[nsockets - 1].fd = accept(pollfds[0].fd, &remote, &len);
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  'main': events 1-7
    |
    |   62 |   if (!pollfds) {
    |      |      ^
    |      |      |
    |      |      (1) following 'false' branch (when 'pollfds' is non-NULL)...
    |......
    |   67 |     rc = ppoll(pollfds, nsockets, NULL, NULL);
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |          |
    |      |          (2) ...to here
    |......
    |   74 |       newpollfds = realloc(pollfds, nsockets * sizeof(*pollfds));
    |      |                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                    |
    |      |                    (3) when 'realloc' succeeds, moving buffer
    |      |                    (4) region created on heap here
    |   75 |       if (!newpollfds) {
    |      |          ~
    |      |          |
    |      |          (5) following 'false' branch (when 'newpollfds' is non-NULL)...
    |......
    |   78 |       pollfds = newpollfds;
    |      |       ~~~~~~~~~~~~~~~~~~~~
    |      |       |
    |      |       (6) ...to here
    |   79 |       pollfds[nsockets - 1].fd = accept(pollfds[0].fd, &remote, &len);
    |      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                  |
    |      |                                  (7) use of uninitialized value '*pollfds.fd' here
    |

On Compiler Explorer:
  https://godbolt.org/z/EKrnsoaY4

From downstream report:
  https://bugzilla.redhat.com/show_bug.cgi?id=2047926#c5
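
Added example, not the attached reproducer and not code from the report: a sketch of the grow-by-realloc pattern the diagnostic path walks through. It shows that after a moving realloc the previously written elements (here slot 0, standing in for the listening socket) are still initialized, and only the new tail slot needs a value. The names pollfds_append and first_fd_survives_growth and the fd values are hypothetical.

```c
#include <poll.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper: grow *fds by one slot, give the new slot a defined
 * value, and return 0 on success or -1 on failure (array left untouched). */
static int pollfds_append(struct pollfd **fds, size_t *count, int new_fd)
{
    if (*count >= SIZE_MAX / sizeof(**fds))
        return -1;              /* size computation would overflow */

    struct pollfd *grown = realloc(*fds, (*count + 1) * sizeof(**fds));
    if (!grown)
        return -1;              /* old block stays valid, still owned by caller */

    /* realloc copied elements [0, *count); only the tail is indeterminate. */
    grown[*count].fd = new_fd;
    grown[*count].events = POLLIN;
    grown[*count].revents = 0;

    *fds = grown;
    (*count)++;
    return 0;
}

/* Constructed scenario: slot 0 holds a made-up fd value of 7. Returns 1 if
 * slot 0 and every appended slot read back intact after repeated growth. */
int first_fd_survives_growth(size_t appended)
{
    struct pollfd *fds = NULL;
    size_t count = 0;
    int ok = 1;

    if (pollfds_append(&fds, &count, 7) != 0)
        return 0;
    for (size_t i = 0; i < appended && ok; i++)
        ok = pollfds_append(&fds, &count, 100 + (int)i) == 0 && fds[0].fd == 7;
    for (size_t i = 1; i < count && ok; i++)
        ok = fds[i].fd == 100 + (int)(i - 1);
    ok = ok && count == appended + 1;
    free(fds);
    return ok;
}
```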