On Wed, 27 Aug 2025 14:39:01 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
>> When using gcc static analyzer (-fanalyzer) with gcc 13.2 the following >> issue is reported : >> >> /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c: >> In function 'get_jvmticks': >> /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c:208:24: >> warning: use of uninitialized value 'systemTicks' [CWE-457] >> [-Wanalyzer-use-of-uninitialized-value] >> 208 | pticks->usedKernel = systemTicks; >> >> >> vsscanf usually/normally reads the systemTicks info from /proc file system. >> see >> https://github.com/openjdk/jdk/blob/45726a1f8b8f76586037867a32b82f8ab9b96937/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c#L163 >> but we never check that the *exact* number of params is read with vsscanf : >> n = vsscanf(tmp, fmt, args); >> So potentially we could get a non complete info without systemTicks and the >> call would still succeed. > > Matthias Baesken has updated the pull request incrementally with one > additional commit since the last revision: > > init vars so that gcc static analyzer is happy too Okay then let's avoid the initialization. ------------- PR Comment: https://git.openjdk.org/jdk/pull/26962#issuecomment-3237165958
