https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106573
Bug ID: 106573
Summary: Missing -Wanalyzer-use-of-uninitialized-value on calls handled by state machines
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
CC: mir at gcc dot gnu.org
Target Milestone: ---

Consider:

    int dup (int old_fd);
    int not_dup (int old_fd);

    int
    test_1 ()
    {
      int m;                 /* deliberately left uninitialized */
      return dup (m);
    }

    int
    test_2 ()
    {
      int m;                 /* deliberately left uninitialized */
      return not_dup (m);
    }

where in each function uninitialized local "m" is passed to an externally-defined function.

-fanalyzer currently emits:

    t.c: In function ‘test_1’:
    t.c:8:10: warning: ‘dup’ on possibly invalid file descriptor ‘m’ [-Wanalyzer-fd-use-without-check]
        8 |   return dup (m);
          |          ^~~~~~~
      ‘test_1’: event 1
        |
        |    8 |   return dup (m);
        |      |          ^~~~~~~
        |      |          |
        |      |          (1) ‘m’ could be invalid
        |
    t.c: In function ‘test_2’:
    t.c:15:10: warning: use of uninitialized value ‘m’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
       15 |   return not_dup (m);
          |          ^~~~~~~~~~~
      ‘test_2’: events 1-2
        |
        |   14 |   int m;
        |      |       ^
        |      |       |
        |      |       (1) region created on stack here
        |   15 |   return not_dup (m);
        |      |          ~~~~~~~~~~~
        |      |          |
        |      |          (2) use of uninitialized value ‘m’ here
        |

where it only complains about uninit m being passed to not_dup.

Looks like we're missing a check for poisoned svalues as params for the case where one of the state machines recognizes the function in question.
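As an added example (not code from the bug report or from GCC), the descriptor handling that the two warnings are about, written so it can be exercised at run time: dup_checked validates the descriptor before dup(2), which is what -Wanalyzer-fd-use-without-check asks for, and dup_initialized_fd shows the shape that satisfies both checkers, a local initialized from a call whose result is tested before it reaches dup(). The function names are hypothetical; only POSIX calls are used. Reading an uninitialized local is undefined behaviour, so the invalid-descriptor case is modelled with explicit bad values rather than with test_1's uninitialized m.

```c
/* Added example, not code from the bug report: descriptor handling in the
 * form both analyzer checkers accept. Function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* 1 if fd is an open descriptor in this process, else 0.
   fcntl(F_GETFD) fails with EBADF for anything that is not open. */
int fd_is_open (int fd)
{
  return fd >= 0 && fcntl (fd, F_GETFD) != -1;
}

/* Validate before dup(2), as -Wanalyzer-fd-use-without-check wants.
   Returns the new descriptor, or -1 with errno set to EBADF. */
int dup_checked (int old_fd)
{
  if (!fd_is_open (old_fd))
    {
      errno = EBADF;
      return -1;
    }
  return dup (old_fd);
}

/* 'm' is initialized from pipe(2), whose result is checked before the
   value flows into dup(), so neither CWE-457 nor the fd checker applies.
   Returns 1 if the duplicate was created (and closed again), 0 otherwise. */
int dup_initialized_fd (void)
{
  int p[2];
  int m;
  if (pipe (p) == -1)
    return 0;
  m = p[0];                     /* initialized before use */
  int copy = dup_checked (m);   /* checked before use */
  int ok = copy >= 0 && fd_is_open (copy);
  if (copy >= 0)
    close (copy);
  close (p[0]);
  close (p[1]);
  return ok;
}
```

Compiling the block with -fanalyzer is the quickest way to confirm that neither warning from the report fires once the descriptor is both initialized and checked.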