When using gcc static analyzer (-fanalyzer) with gcc 13.2 the following issue is reported:

    /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c: In function 'get_jvmticks':
    /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c:208:24: warning: use of uninitialized value 'systemTicks' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
      208 | pticks->usedKernel = systemTicks;

vsscanf usually/normally reads the systemTicks info from the /proc file system. See
https://github.com/openjdk/jdk/blob/45726a1f8b8f76586037867a32b82f8ab9b96937/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c#L163
but we never check that the *exact* number of params is read with vsscanf:

    n = vsscanf(tmp, fmt, args);

So potentially we could get incomplete info without systemTicks and the call would still succeed.

-------------

Commit messages:
 - JDK-8366092

Changes: https://git.openjdk.org/jdk/pull/26962/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26962&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8366092
  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/26962.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/26962/head:pull/26962

PR: https://git.openjdk.org/jdk/pull/26962
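
Added example, not part of the original message and not the JDK's code: a minimal illustration of the failure mode described above, where a vsscanf wrapper is treated as successful on a short read and an output variable is never written. The helper names (scan_line, ticks_weak, ticks_strict), the two-field format and the sample lines are constructed for illustration.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

#define UNSET UINT64_MAX /* sentinel so the demo never reads indeterminate memory */

/* Hypothetical variadic wrapper: returns what vsscanf returns, i.e. the
 * number of conversions stored, or EOF on input failure. */
static int scan_line(const char *line, const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    int n = vsscanf(line, fmt, args);
    va_end(args);
    return n;
}

/* Weak: only rejects a negative result, so a truncated line counts as
 * success and *sys keeps whatever value it had before the call. */
int ticks_weak(const char *line, uint64_t *user, uint64_t *sys) {
    return scan_line(line, "%" SCNu64 " %" SCNu64, user, sys) < 0 ? -1 : 0;
}

/* Strict: require exactly the two conversions the format asks for, and
 * write the outputs only after the count has been verified. */
int ticks_strict(const char *line, uint64_t *user, uint64_t *sys) {
    uint64_t u = 0, s = 0;
    if (scan_line(line, "%" SCNu64 " %" SCNu64, &u, &s) != 2) return -1;
    *user = u;
    *sys = s;
    return 0;
}

int main(void) {
    const char *samples[] = { "1234 56", "1234", "" }; /* constructed inputs */
    for (int i = 0; i < 3; i++) {
        uint64_t u = UNSET, s = UNSET;
        int w = ticks_weak(samples[i], &u, &s);
        int r = ticks_strict(samples[i], &u, &s);
        printf("\"%s\": weak=%d strict=%d\n", samples[i], w, r);
    }
    return 0;
}
```

In real code the caller's variable would be uninitialized rather than holding a sentinel, which is the CWE-457 condition the analyzer reports.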
