https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105784
Bug ID: 105784
Summary: -Wanalyzer-use-of-uninitialized-value false positive on partly initialized array
Product: gcc
Version: 12.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: eggert at cs dot ucla.edu
Target Milestone: ---

Created attachment 53056
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53056&action=edit
False positive with -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value

I found this bug with GCC 12.1.1 20220507 (Red Hat 12.1.1-1) on x86-64.
Compile the attached program x.i (which is simplified from GNU Emacs master) with:

  gcc -O2 -fanalyzer -Wanalyzer-use-of-uninitialized-value -S x.i

The GCC output is as follows. This is a false positive, since *src must point into the initialized part of the array.

x.i: In function ‘ccl_driver’:
x.i:13:11: warning: use of uninitialized value ‘*src’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
   13 |       i = *src++;
      |       ~~^~~~~~~~
  ‘Fccl_execute_on_string’: events 1-5
    |
    |   19 | Fccl_execute_on_string (char *str, long str_bytes)
    |      | ^~~~~~~~~~~~~~~~~~~~~~
    |      | |
    |      | (1) entry to ‘Fccl_execute_on_string’
    |......
    |   25 |   int source[1024];
    |      |       ~~~~~~
    |      |       |
    |      |       (2) region created on stack here
    |......
    |   28 |   while (src_size < 1024 && p < endp)
    |      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |          |
    |      |          (3) following ‘false’ branch...
    |......
    |   31 |   ccl_driver (source, src_size);
    |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (4) ...to here
    |      |   (5) calling ‘ccl_driver’ from ‘Fccl_execute_on_string’
    |
    +--> ‘ccl_driver’: events 6-11
           |
           |    5 | ccl_driver (int *source, int src_size)
           |      | ^~~~~~~~~~
           |      | |
           |      | (6) entry to ‘ccl_driver’
           |......
           |   10 |   while (!quit_flag)
           |      |          ~~~~~~~~~~
           |      |          |
           |      |          (7) following ‘false’ branch...
           |   11 |     {
           |   12 |       if (src < src_end)
           |      |       ~
           |      |       |
           |      |       (8) ...to here
           |      |       (9) following ‘true’ branch (when ‘src < src_end’)...
           |   13 |       i = *src++;
           |      |       ~~~~~~~~~~
           |      |       |   |
           |      |       |   (10) ...to here
           |      |       (11) use of uninitialized value ‘*src’ here
           |
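The pattern the analyzer trips on, as an added, constructed example that is not the attached x.i (whose contents are not on this page): the names follow the diagnostic above, but the function bodies are assumed. Only the first src_size elements of source are ever written, and ccl_driver reads only inside [source, source + src_size), so *src is always initialized; the function returns the sum of consumed values so the claim can be checked at runtime, and the file can be compiled with the command from the report to see whether -fanalyzer still warns.

```c
#include <stddef.h>

/* Assumed loop guard; the real x.i has a quit_flag of unknown type. */
static int quit_flag;

/* Consumes only the initialized prefix [source, source + src_size)
   and returns the sum of the values read. */
long ccl_driver(const int *source, int src_size)
{
    const int *src = source;
    const int *src_end = source + src_size;
    long total = 0;

    while (!quit_flag)
    {
        if (src < src_end)
        {
            int i = *src++;   /* the read the analyzer flags; src < src_end here */
            total += i;
        }
        else
            break;            /* prefix exhausted: never read past src_end */
    }
    return total;
}

/* Fills at most 1024 ints from str; elements beyond src_size stay
   uninitialized and are never passed to a read. */
long Fccl_execute_on_string(const char *str, long str_bytes)
{
    int source[1024];
    int src_size = 0;
    const char *p = str;
    const char *endp = str + str_bytes;

    while (src_size < 1024 && p < endp)
        source[src_size++] = (unsigned char) *p++;

    return ccl_driver(source, src_size);
}
```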