https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109851
Bug ID: 109851
Summary: False positive va_arg when iterating through format
string with for-loop
Product: gcc
Version: 13.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: nvinson234+gcc-bugs at gmail dot com
Target Milestone: ---
Created attachment 55081
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55081&action=edit
analzyer warning output
When compiling the following code:
#include<stdio.h>
#include<stdarg.h>
#include<string.h>
void foo(char *fmt, ...) {
int i = 0;
char c;
va_list ap;
va_start(ap, fmt);
for (i = 0; (c = fmt[i]) != 0; i++) {
c = fmt[i];
if (c == '%') {
printf("Saw %%");
}
if (c == 'd') {
i = va_arg(ap, int);
}
}
va_end(ap);
}
int main(int argc, char **argv) {
foo("%s.lt", argv[0]);
return 0;
}
with the command: gcc -O2 -fanalyzer test.c
The analyzer gives the warning:
test.c:17:15: warning: ‘va_arg’ expected ‘int’ but received ‘char *’ for
variadic argument 1 of ‘ap’
However, the condition "c == 'd'" is never true and va_arg() is never called.
This is a reduced case based on the lemon_vsnprintf() code found in
sqlite-3.41.2'a tool/lemon.c.
Full warning output attached.
