On Wed, 27 Aug 2025 14:23:35 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
> When using gcc static analyzer (-fanalyzer) with gcc 13.2 the following issue
> is reported:
>
> /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c:
> In function 'get_jvmticks':
> /jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c:208:24:
> warning: use of uninitialized value 'systemTicks' [CWE-457]
> [-Wanalyzer-use-of-uninitialized-value]
> 208 | pticks->usedKernel = systemTicks;
>
> vsscanf usually/normally reads the systemTicks info from /proc file system.
> see
> https://github.com/openjdk/jdk/blob/45726a1f8b8f76586037867a32b82f8ab9b96937/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c#L163
> but we never check that the *exact* number of params is read with vsscanf:
> n = vsscanf(tmp, fmt, args);
> So potentially we could get a non complete info without systemTicks and the
> call would still succeed.

This pull request has now been integrated.

Changeset: a6e2a329
Author:    Matthias Baesken <mbaes...@openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/a6e2a329a07c71582ac696809fb5349c6a0b681c
Stats:     2 lines in 1 file changed: 0 ins; 0 del; 2 mod

8366092: [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks'

Reviewed-by: kevinw, asteiner

-------------

PR: https://git.openjdk.org/jdk/pull/26962
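The unchecked-conversion-count pattern the PR description refers to, as an added example that is not code from the OpenJDK tree: a constructed ticks record and a /proc/stat-style "cpu" line are parsed through vsscanf, with the flawed check (EOF only) beside the fix that requires the exact number of conversions. The struct, field names and format string are assumptions, not the actual contents of UnixOperatingSystem.c.

```c
#include <stdarg.h>
#include <stdio.h>

/* Constructed stand-in for the ticks record filled by get_jvmticks (field names assumed). */
typedef struct {
    unsigned long usedUser;
    unsigned long usedKernel;
    unsigned long total;
} ticks_t;

/* A /proc/stat "cpu" line starts with user, nice, system and idle counters (assumed format). */
#define CPU_FMT    "cpu %lu %lu %lu %lu"
#define CPU_FIELDS 4

/* Thin wrapper mirroring the vsscanf call discussed in the PR; returns the conversion count. */
static int scan_line(const char *line, const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    int n = vsscanf(line, fmt, args);
    va_end(args);
    return n;
}

/* Flawed pattern: only input failure (EOF) counts as an error, so a short line such as
 * "cpu 100 20" leaves systemTicks uninitialized and the call still reports success. */
int get_ticks_unchecked(const char *line, ticks_t *pticks) {
    unsigned long userTicks, niceTicks, systemTicks, idleTicks;
    int n = scan_line(line, CPU_FMT, &userTicks, &niceTicks, &systemTicks, &idleTicks);
    if (n == EOF) return -1;
    pticks->usedUser   = userTicks + niceTicks;
    pticks->usedKernel = systemTicks;          /* garbage whenever n < CPU_FIELDS */
    pticks->total      = userTicks + niceTicks + systemTicks + idleTicks;
    return 0;
}

/* Hardened pattern: require the exact number of conversions before using any value. */
int get_ticks_checked(const char *line, ticks_t *pticks) {
    unsigned long userTicks, niceTicks, systemTicks, idleTicks;
    int n = scan_line(line, CPU_FMT, &userTicks, &niceTicks, &systemTicks, &idleTicks);
    if (n != CPU_FIELDS) return -1;            /* short or malformed line: fail closed */
    pticks->usedUser   = userTicks + niceTicks;
    pticks->usedKernel = systemTicks;
    pticks->total      = userTicks + niceTicks + systemTicks + idleTicks;
    return 0;
}
```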