https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104369
Bug ID: 104369
Summary: False positive from
-Wanalyzer-use-of-uninitialized-value with realloc
moving buffer
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Created attachment 52343
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52343&action=edit
Reduced reproducer
The attached reproducer emits two false positives from
-Wanalyzer-use-of-uninitialized-value, both "when 'realloc' succeeds, moving
buffer", the first of which is:
<source>: In function 'main':
<source>:79:34: warning: use of uninitialized value '*pollfds.fd' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]
79 | pollfds[nsockets - 1].fd = accept(pollfds[0].fd, &remote, &len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'main': events 1-7
|
| 62 | if (!pollfds) {
| | ^
| | |
| | (1) following 'false' branch (when 'pollfds' is non-NULL)...
|......
| 67 | rc = ppoll(pollfds, nsockets, NULL, NULL);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
|......
| 74 | newpollfds = realloc(pollfds, nsockets * sizeof(*pollfds));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) when 'realloc' succeeds, moving buffer
| | (4) region created on heap here
| 75 | if (!newpollfds) {
| | ~
| | |
| | (5) following 'false' branch (when 'newpollfds' is
non-NULL)...
|......
| 78 | pollfds = newpollfds;
| | ~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
| 79 | pollfds[nsockets - 1].fd = accept(pollfds[0].fd, &remote,
&len);
| |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (7) use of uninitialized value
'*pollfds.fd' here
|
On Compiler Explorer:
https://godbolt.org/z/EKrnsoaY4
>From downstream report:
https://bugzilla.redhat.com/show_bug.cgi?id=2047926#c5
