https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105264
Bug ID: 105264
Summary: -Wanalyzer-use-of-uninitialized-value gets confused about var + i vs. &var[i]
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: avarab at gmail dot com
Target Milestone: ---

After reading https://developers.redhat.com/articles/2022/04/12/state-static-analysis-gcc-12-compiler I tried out -fanalyzer on GCC 12 (built from c1ff207af66 (ppc: testsuite: skip pr60203 on no ldbl128, 2022-04-12)) against git.git, and discovered what seems to be a bug.

When compiling git (https://github.com/git/git/) as:

    $ make CC=gcc CFLAGS=-fanalyzer builtin/merge-file.o

it will complain about:

    builtin/merge-file.c:86:28: error: use of uninitialized value ‘mmfs[i].size’ [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
       86 | if (mmfs[i].size > MAX_XDIFF_SIZE ||
    [...]

The basic control flow is:

    mmfile_t mmfs[3];
    [...]
    for-loop
    [...]
    ret = read_mmfile(mmfs + i, fname);
    [...]

where the read_mmfile() function always either returns -1 or populates the mmfs[i] structure; in the -1 case we can't reach the code -fanalyzer raises an issue about.

The warning will go away if I apply:

diff --git a/builtin/merge-file.c b/builtin/merge-file.c
index e695867ee54..0ca3580b27d 100644
--- a/builtin/merge-file.c
+++ b/builtin/merge-file.c
@@ -77,7 +77,7 @@ int cmd_merge_file(int argc, const char **argv, const char *prefix)
 names[i] = argv[i];
 fname = prefix_filename(prefix, argv[i]);
-ret = read_mmfile(mmfs + i, fname);
+ret = read_mmfile(&mmfs[i], fname);
 free(fname);
 if (ret)
 return -1;

This suggests to me a bug in the analyzer. That's not the most obvious code in the world and could probably use that patch in any case, but the analyzer should understand that mmfs+i and &mmfs[i] yield the same pointer.
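Review bot: the one-line hunk in cmd_merge_file() swaps `mmfs + i` for `&mmfs[i]`, which the C standard defines as the same address, so it changes no behaviour and only sidesteps the analyzer; if it is submitted to git on its own, the commit message should state that it is a readability change that also silences a -fanalyzer false positive, so that nobody later reads it as a bug fix. The more useful artefact for the analyzer component is a reduced reproducer that keeps the shape the report describes (callee either returns -1 or fills the element; the field is only read after the return value is checked), since that is what dmalcolm would need to confirm whether the pointer spelling really is what loses the "initialized" state.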
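A reduced, stand-alone version of the pattern the report describes, added here as an example; it is not code from git or from the report, and mmfile, read_mmfile, load_all, demo and MAX_SIZE are hypothetical stand-ins for git's mmfile_t, read_mmfile(), cmd_merge_file() loop and MAX_XDIFF_SIZE. It keeps the control flow the analyzer has to reason about: the field is read only on the path where the callee wrote it, and both pointer spellings denote the same element.

```c
#include <string.h>

#define MAX_SIZE 1024 /* stand-in for git's MAX_XDIFF_SIZE */

/* Hypothetical stand-in for git's mmfile_t: a buffer plus its length. */
struct mmfile {
    const char *ptr;
    long size;
};

/* Stand-in for read_mmfile(): fills *f and returns 0, or returns -1 and
 * leaves *f untouched. "Reading" just points at a constructed string. */
static int read_mmfile(struct mmfile *f, const char *contents)
{
    if (contents == NULL)
        return -1; /* *f stays uninitialized on this path */
    f->ptr = contents;
    f->size = (long)strlen(contents);
    return 0;
}

/* Mirrors the loop in cmd_merge_file(): read three inputs, return -1 on
 * the first failure, and only then look at mmfs[i].size. use_plus picks
 * the pointer spelling the report says confuses the analyzer. */
static int load_all(struct mmfile mmfs[3], const char *inputs[3], int use_plus)
{
    for (int i = 0; i < 3; i++) {
        int ret = read_mmfile(use_plus ? mmfs + i : &mmfs[i], inputs[i]);
        if (ret)
            return -1; /* mmfs[i].size is never read on this path */
        if (mmfs[i].size > MAX_SIZE) /* the line the analyzer flagged */
            return -1;
    }
    return 3;
}

/* Exercises both spellings on constructed inputs; returns 0 if every check
 * holds, including that mmfs + i and &mmfs[i] are the same pointer. */
static int demo(void)
{
    struct mmfile mmfs[3];
    const char *good[3] = {"alpha", "beta", "gamma"};
    const char *bad[3] = {"alpha", NULL, "gamma"};
    if (load_all(mmfs, good, 1) != 3 || mmfs[1].size != 4) return 1;
    if (load_all(mmfs, good, 0) != 3 || mmfs[2].size != 5) return 2;
    if (load_all(mmfs, bad, 1) != -1) return 3;
    return (mmfs + 1 == &mmfs[1]) ? 0 : 4;
}
```

Compiling this file with GCC 12 and -fanalyzer is the natural check of whether the reduced form reproduces the report's warning on the `mmfs[i].size` line with use_plus and not without; the example itself makes no claim about what the analyzer reports.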