https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108664
Bug ID: 108664 Summary: -Wanalyzer-use-of-uninitialized-value false positive seen in coreutils's cksum.c: cksum_slice8 Product: gcc Version: 13.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- Created attachment 54407 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54407&action=edit Reproducer Trunk emits false postives: https://godbolt.org/z/9Mjcr3j1W in which the analyzer doesn't seem to grok that fread_unlocked will have initialized part of the buffer when the return value is checked. <source>: In function 'cksum_slice8': <source>:58:16: warning: use of uninitialized value '*datap_52' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 58 | uint32_t first = *datap++, second = *datap++; | ^~~~~ 'cksum_slice8': events 1-2 | | 33 | uint32_t buf[(1 << 16) / sizeof(uint32_t)]; | | ^~~ | | | | | (1) region created on stack here |...... | 38 | if (!fp || !crc_out || !length_out) | | ~ | | | | | (2) following 'false' branch... | 'cksum_slice8': event 3 | |cc1: | (3): ...to here | 'cksum_slice8': events 4-12 | | 41 | while ((bytes_read = fread_unlocked(buf, 1, (1 << 16), fp)) > 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~ | | | | | (4) following 'true' branch (when 'bytes_read != 0')... |...... | 44 | if (length + bytes_read < length) { | | ~~~~~~~~~~~~~~~~~~~~ | | | | | | | (5) ...to here | | (6) following 'false' branch... |...... | 49 | length += bytes_read; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | 50 | | 51 | if (bytes_read == 0) { | | ~ | | | | | (8) following 'false' branch (when 'bytes_read != 0')... |...... | 56 | datap = (uint32_t*)buf; | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | 57 | while (bytes_read >= 8) { | | ~~~~~~~~~~~~~~~ | | | | | (10) following 'true' branch (when 'bytes_read > 7')... | 58 | uint32_t first = *datap++, second = *datap++; | | ~~~~~ ~~~~~~~ | | | | | | | (11) ...to here | | (12) use of uninitialized value '*datap_52' here | <source>:58:34: warning: use of uninitialized value '*datap_77' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 58 | uint32_t first = *datap++, second = *datap++; | ^~~~~~ 'cksum_slice8': events 1-2 | | 33 | uint32_t buf[(1 << 16) / sizeof(uint32_t)]; | | ^~~ | | | | | (1) region created on stack here |...... | 38 | if (!fp || !crc_out || !length_out) | | ~ | | | | | (2) following 'false' branch... | 'cksum_slice8': event 3 | |cc1: | (3): ...to here | 'cksum_slice8': events 4-12 | | 41 | while ((bytes_read = fread_unlocked(buf, 1, (1 << 16), fp)) > 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~ | | | | | (4) following 'true' branch (when 'bytes_read != 0')... |...... | 44 | if (length + bytes_read < length) { | | ~~~~~~~~~~~~~~~~~~~~ | | | | | | | (5) ...to here | | (6) following 'false' branch... |...... | 49 | length += bytes_read; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | 50 | | 51 | if (bytes_read == 0) { | | ~ | | | | | (8) following 'false' branch (when 'bytes_read != 0')... |...... | 56 | datap = (uint32_t*)buf; | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | 57 | while (bytes_read >= 8) { | | ~~~~~~~~~~~~~~~ | | | | | (10) following 'true' branch (when 'bytes_read > 7')... | 58 | uint32_t first = *datap++, second = *datap++; | | ~~~~~~~ ~~~~~~ | | | | | | | (12) use of uninitialized value '*datap_77' here | | (11) ...to here | Compiler returned: 0