On Wed, Aug 31, 2016 at 12:55:01PM -0700, Junio C Hamano wrote:

> Interesting.  Here is for "gcc -Os" on top to appease gcc 4.8.4 that
> I probably am NOT going to apply.  These are all false positives.
> The ones on config.c is the most curious as these two "ret" needs a
> false initialization, but the one that comes after them
> git_config_ulong() that has the same code structure does not get any
> warning, which made absolutely no sense to me.

Yeah, I'd agree that is really odd. I wondered if perhaps the signedness
of the argument mattered (e.g., if we were somehow provoking undefined
behavior which caused the compiler to make some assumption), but I just
don't see it.

>  builtin/update-index.c | 2 +-
>  config.c               | 4 ++--
>  diff.c                 | 2 +-
>  fast-import.c          | 1 +
>  4 files changed, 5 insertions(+), 4 deletions(-)

FWIW, all but the fast-import one have gone away in gcc 6.2.0 (using

For that one:

> diff --git a/fast-import.c b/fast-import.c
> index bf53ac9..abc4519 100644
> --- a/fast-import.c
> +++ b/fast-import.c
> @@ -1377,6 +1377,7 @@ static const char *get_mode(const char *str, uint16_t 
> *modep)
>       unsigned char c;
>       uint16_t mode = 0;
> +     *modep = 0;
>       while ((c = *str++) != ' ') {
>               if (c < '0' || c > '7')
>                       return NULL;

The complaint actually comes from the caller, who doesn't realize that
modep will be set.

It pretty clearly seems to be a false positive, but I don't understand
it. If get_mode() is not inlined (or otherwise examined when considering
the caller), then it presumably should be treated as a block box that we
assume sets "modep".  And if it is inlined, then it's pretty obvious
that "modep" is initialized in any code path that does not return NULL,
and we have:

        p = get_mode(p, &mode);
        if (!p)
                die("Corrupt mode: %s", command_buf.buf);

in the caller (and "die" is marked as NORETURN). So it seems like a
pretty easy case to get right, and one that the compiler presumably gets
right elsewhere (otherwise we'd have a lot more of these false



Reply via email to