https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94713
Bug ID: 94713
Summary: Analyzer is buggy on uninitialized pointer
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: vincent-gcc at vinc17 dot net
Target Milestone: ---

Test with: gcc-10 (Debian 10-20200418-1) 10.0.1 20200418 (experimental) [master revision 27c171775ab:4c277008be0:c5bac7d127f288fd2f8a1f15c3f30da5903141c6]

Consider:

void f1 (int *);
void f2 (int);

int foo (void)
{
  int *p;

  f1 (p);
  f2 (p[0]);
  return 0;
}

zira% gcc-10 -Wall tst2.c -O3 -c -fanalyzer
tst2.c: In function ‘foo’:
tst2.c:8:3: warning: ‘p’ is used uninitialized in this function [-Wuninitialized]
    8 |   f1 (p);
      |   ^~~~~~
tst2.c:9:3: warning: use of uninitialized value ‘p’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
    9 |   f2 (p[0]);
      |   ^~~~~~~~~
  ‘foo’: event 1
    |
    |

-Wuninitialized works as expected, but -Wanalyzer-use-of-uninitialized-value outputs the warning message on p[0], though the ‘p’ in the warning message is correct.

If I comment out the "f2 (p[0]);" line, I no longer get the warning from the analyzer, which means that it is the p[0] that triggers the warning instead of p.