https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109789

--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #5)
> float dsp_abs_max(float *buf, size_t size) {
>   for (size_t i = 0; i < size; i++)
>     if (fabsf(buf[i]) > 1e-20f)
>       dsp_abs_max_ret = fabsf(buf[i]);
>   return dsp_abs_max_ret;
> }
> void export_audio(int nframes, float init, int count) {
>   do {
>     float tmp_l[nframes];
>     for (int i = 0; i < nframes; i++)
>       tmp_l[i] = init;
>     float max_amp = dsp_abs_max(tmp_l, nframes);

I think the problem is that nframes is signed int and is converted to size_t
when calling this function. The analyzer is complaining that if nframes is
negative, then you'll get a very large size_t and the loop inside dsp_abs_max
will read more variables than were init'd.

Of course if nframes is negative, the program has undefined behaviour anyway,
C17 6.7.6.2 says "each time it is evaluated it shall have a value greater than zero".

So I think the analyzer should assume the size is greater than zero, or warn
about *that* possibility, at the point of the array declaration.

If you add this to export_audio() then there's no analyzer warning:

  if (nframes < 1)
    return;

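As an added example (not the reporter's test case or GCC's code), the same pattern rewritten with the guard from the comment above, so the VLA size and the size_t count are both known to be positive; it assumes a local accumulator instead of the report's global dsp_abs_max_ret and a local absf() in place of fabsf().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local absolute value (assumed here so the example needs no libm). */
static float absf(float x) { return x < 0.0f ? -x : x; }

/* Same loop shape as the report's dsp_abs_max, but with a local accumulator
 * (the report uses a global). size is size_t: a negative int from the caller
 * wraps to a huge value and the loop reads far past the stack buffer. */
static float dsp_abs_max(const float *buf, size_t size)
{
    float max_amp = 0.0f;
    for (size_t i = 0; i < size; i++)
        if (absf(buf[i]) > max_amp)
            max_amp = absf(buf[i]);
    return max_amp;
}

/* What the implicit int -> size_t conversion does to a negative count:
 * modular wrap, so -1 becomes SIZE_MAX. */
size_t count_as_size_t(int nframes)
{
    return (size_t)nframes;
}

/* Guarded version of the report's export_audio: reject nframes < 1 before
 * the VLA is declared (C17 6.7.6.2 requires a size greater than zero) and
 * before it is converted to size_t. Returns -1.0f when the count is rejected. */
float export_audio_checked(int nframes, float init)
{
    if (nframes < 1)
        return -1.0f;            /* the guard suggested in the comment */
    float tmp_l[nframes];        /* VLA size is now known to be positive */
    for (int i = 0; i < nframes; i++)
        tmp_l[i] = init;
    return dsp_abs_max(tmp_l, (size_t)nframes);
}

int main(void)
{
    printf("(size_t)-1            = %zu\n", count_as_size_t(-1));
    printf("max of 4 x 0.5f       = %f\n", export_audio_checked(4, 0.5f));
    printf("nframes = -1 rejected = %f\n", export_audio_checked(-1, 0.5f));
    return 0;
}
```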