https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108664

            Bug ID: 108664
           Summary: -Wanalyzer-use-of-uninitialized-value false positive
                    seen in coreutils's cksum.c: cksum_slice8
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Created attachment 54407
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54407&action=edit
Reproducer

Trunk emits false positives:
  https://godbolt.org/z/9Mjcr3j1W
in which the analyzer doesn't seem to grok that fread_unlocked will have
initialized part of the buffer when the return value is checked.

<source>: In function 'cksum_slice8':
<source>:58:16: warning: use of uninitialized value '*datap_52' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   58 |       uint32_t first = *datap++, second = *datap++;
      |                ^~~~~
  'cksum_slice8': events 1-2
    |
    |   33 |   uint32_t buf[(1 << 16) / sizeof(uint32_t)];
    |      |            ^~~
    |      |            |
    |      |            (1) region created on stack here
    |......
    |   38 |   if (!fp || !crc_out || !length_out)
    |      |      ~      
    |      |      |
    |      |      (2) following 'false' branch...
    |
  'cksum_slice8': event 3
    |
    |cc1:
    | (3): ...to here
    |
  'cksum_slice8': events 4-12
    |
    |   41 |   while ((bytes_read = fread_unlocked(buf, 1, (1 << 16), fp)) > 0) {
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
    |      |                                                               |
    |      |                                                               (4) following 'true' branch (when 'bytes_read != 0')...
    |......
    |   44 |     if (length + bytes_read < length) {
    |      |        ~~~~~~~~~~~~~~~~~~~~                                    
    |      |        |       |
    |      |        |       (5) ...to here
    |      |        (6) following 'false' branch...
    |......
    |   49 |     length += bytes_read;
    |      |     ~~~~~~~~~~~~~~~~~~~~                                       
    |      |            |
    |      |            (7) ...to here
    |   50 | 
    |   51 |     if (bytes_read == 0) {
    |      |        ~                                                       
    |      |        |
    |      |        (8) following 'false' branch (when 'bytes_read != 0')...
    |......
    |   56 |     datap = (uint32_t*)buf;
    |      |     ~~~~~~~~~~~~~~~~~~~~~~                                     
    |      |           |
    |      |           (9) ...to here
    |   57 |     while (bytes_read >= 8) {
    |      |            ~~~~~~~~~~~~~~~                                     
    |      |                       |
    |      |                       (10) following 'true' branch (when 'bytes_read > 7')...
    |   58 |       uint32_t first = *datap++, second = *datap++;
    |      |                ~~~~~    ~~~~~~~                                
    |      |                |             |
    |      |                |             (11) ...to here
    |      |                (12) use of uninitialized value '*datap_52' here
    |
<source>:58:34: warning: use of uninitialized value '*datap_77' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   58 |       uint32_t first = *datap++, second = *datap++;
      |                                  ^~~~~~
  'cksum_slice8': events 1-2
    |
    |   33 |   uint32_t buf[(1 << 16) / sizeof(uint32_t)];
    |      |            ^~~
    |      |            |
    |      |            (1) region created on stack here
    |......
    |   38 |   if (!fp || !crc_out || !length_out)
    |      |      ~      
    |      |      |
    |      |      (2) following 'false' branch...
    |
  'cksum_slice8': event 3
    |
    |cc1:
    | (3): ...to here
    |
  'cksum_slice8': events 4-12
    |
    |   41 |   while ((bytes_read = fread_unlocked(buf, 1, (1 << 16), fp)) > 0) {
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
    |      |                                                               |
    |      |                                                               (4) following 'true' branch (when 'bytes_read != 0')...
    |......
    |   44 |     if (length + bytes_read < length) {
    |      |        ~~~~~~~~~~~~~~~~~~~~                                    
    |      |        |       |
    |      |        |       (5) ...to here
    |      |        (6) following 'false' branch...
    |......
    |   49 |     length += bytes_read;
    |      |     ~~~~~~~~~~~~~~~~~~~~                                       
    |      |            |
    |      |            (7) ...to here
    |   50 | 
    |   51 |     if (bytes_read == 0) {
    |      |        ~                                                       
    |      |        |
    |      |        (8) following 'false' branch (when 'bytes_read != 0')...
    |......
    |   56 |     datap = (uint32_t*)buf;
    |      |     ~~~~~~~~~~~~~~~~~~~~~~                                     
    |      |           |
    |      |           (9) ...to here
    |   57 |     while (bytes_read >= 8) {
    |      |            ~~~~~~~~~~~~~~~                                     
    |      |                       |
    |      |                       (10) following 'true' branch (when 'bytes_read > 7')...
    |   58 |       uint32_t first = *datap++, second = *datap++;
    |      |                         ~~~~~~~  ~~~~~~                        
    |      |                              |   |
    |      |                              |   (12) use of uninitialized value '*datap_77' here
    |      |                              (11) ...to here
    |
Compiler returned: 0
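
Added example (not the attached reproducer, and not code from coreutils or GCC): a self-contained function with the same loop shape as the lines quoted in the diagnostic, showing that every read of the stack buffer is bounded by the count the read call returned. Assumptions: standard `fread` stands in for `fread_unlocked`, a plain byte sum stands in for the CRC, and the names `sum_stream`, `byte_sum32` and `sum_bytes_via_stream` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Endianness-independent fold so the result is the same on any host. */
static uint32_t byte_sum32(uint32_t w)
{
    return (w & 0xff) + ((w >> 8) & 0xff) + ((w >> 16) & 0xff) + (w >> 24);
}

/* Same shape as the loop in the diagnostic: a stack buffer is filled by
   fread(), and only the bytes fread() reported are ever read back. */
int sum_stream(FILE *fp, uint64_t *sum_out, uint64_t *length_out)
{
    uint32_t buf[(1 << 16) / sizeof(uint32_t)];    /* uninitialized on entry */
    uint64_t sum = 0, length = 0;
    size_t bytes_read;

    if (!fp || !sum_out || !length_out)
        return -1;
    while ((bytes_read = fread(buf, 1, sizeof buf, fp)) > 0) {
        if (length + bytes_read < length)          /* length overflow */
            return -1;
        length += bytes_read;

        const uint32_t *datap = buf;
        while (bytes_read >= 8) {    /* both words lie in the filled prefix */
            uint32_t first = *datap++, second = *datap++;
            sum += byte_sum32(first) + byte_sum32(second);
            bytes_read -= 8;
        }
        const unsigned char *tail = (const unsigned char *)datap;
        for (; bytes_read > 0; bytes_read--)       /* 0..7 leftover bytes */
            sum += *tail++;
    }
    *sum_out = sum;
    *length_out = length;
    return ferror(fp) ? -1 : 0;
}

/* Constructed input: write n bytes to a temporary file and sum them back. */
int64_t sum_bytes_via_stream(const unsigned char *data, size_t n)
{
    FILE *fp = tmpfile();
    uint64_t sum = 0, length = 0;
    if (!fp) return -1;
    int ok = fwrite(data, 1, n, fp) == n && fseek(fp, 0, SEEK_SET) == 0
             && sum_stream(fp, &sum, &length) == 0;
    fclose(fp);
    return (ok && length == n) ? (int64_t)sum : -1;
}
```

The inner loop only runs while at least 8 bytes of the current `fread` result remain, so `first` and `second` always come from bytes the call wrote.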
