https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109014

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
I believe the issue here is that:

* display_properties partially initializes the "found" buffer, writing a -1
terminator at the end of the initialized part at:

    fv[m] = -1;

* display_properties then calls format_list_item, which tries to find the
terminator with:

    for (count = 0; ff[count] >= 0; count++) {

* -fanalyzer isn't smart enough to know that a -1 terminator has been written,
and simulates iterating past the end of the initialized region

and this is currently masked by the "sprintf" call, which in the absence of a
known_function implementation is currently assumed to potentially write to fv.
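
Added example, not the code from the bug report: a minimal C reconstruction of the pattern the comment describes, where the caller initializes only part of a buffer, writes the -1 terminator, and the callee scans for it. MAX_PROPS, the props/mask parameters, the snprintf formatting and the sample input are assumptions; only the names display_properties, format_list_item, found, fv, ff, m and count come from the comment.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PROPS 8   /* assumed capacity; not from the bug report */

/* Callee: walks ff[] until the -1 terminator, as in the quoted loop. */
int format_list_item(const int *ff, char *out, size_t outsz)
{
    int count;
    size_t used = 0;

    out[0] = '\0';
    for (count = 0; ff[count] >= 0; count++) {
        int n = snprintf(out + used, outsz - used, "%s%d",
                         count ? "," : "", ff[count]);
        if (n < 0 || (size_t)n >= outsz - used)
            break;              /* output full: stop formatting */
        used += (size_t)n;
    }
    return count;
}

/* Caller: fills only the first m slots of found[], then terminates. */
int display_properties(const int *props, int nprops, int mask,
                       char *out, size_t outsz)
{
    int found[MAX_PROPS + 1];   /* deliberately not zero-initialized */
    int *fv = found;
    int m = 0;

    for (int i = 0; i < nprops && m < MAX_PROPS; i++)
        if (props[i] >= 0 && (props[i] & mask))
            fv[m++] = props[i];
    fv[m] = -1;                 /* slots past fv[m] stay uninitialized */
    return format_list_item(found, out, outsz);
}

int main(void)
{
    const int props[] = {1, 2, 3, 4, 6};   /* constructed sample input */
    char out[32];
    int n = display_properties(props, 5, 2, out, sizeof out);
    printf("%d items: %s\n", n, out);
    return 0;
}
```

The read in format_list_item never goes past the terminator at run time; compiling with gcc -fanalyzer shows whether a given GCC version tracks that terminator write across the call.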
