False positive Uninitialized Value in C code #1802

Open
nurupo opened this issue Dec 13, 2023 · 0 comments

nurupo commented Dec 13, 2023

Version: v1.1.0

System: Debian Bullseye

Command:

infer --no-progress-bar -- cc \
          auto_tests/auto_test_support.c \
          auto_tests/lossless_packet_test.c \
          testing/misc_tools.c \
          toxav/*.c \
          toxcore/*.c \
          toxcore/*/*.c \
          toxencryptsave/*.c \
          third_party/cmp/*.c \
          -lpthread \
          $(pkg-config --cflags --libs libsodium opus vpx)

ran in the root directory of the https://github.com/TokTok/c-toxcore repository.

Infer incorrectly reports Uninitialized Value:

Capturing in make/cc mode...
Found 79 source files to analyze in /root/work/infer-out

toxcore/Messenger.c:2734: error: Uninitialized Value
  The value read from dht2m[_] was never initialized.
  2732. 
  2733.         for (uint32_t friend_idx = 0; friend_idx < num_dhtfriends; ++friend_idx) {
  2734.             const Friend *const msgfptr = dht2m[friend_idx] >= 0 ?  &m->friendlist[dht2m[friend_idx]] : nullptr;
                                                  ^
  2735.             const DHT_Friend *const dhtfptr = dht_get_friend(m->dht, friend_idx);
  2736. 

toxcore/Messenger.c:2739: error: Uninitialized Value
  The value read from dht2m[_] was never initialized.
  2737.             if (msgfptr != nullptr) {
  2738.                 char id_str[IDSTRING_LEN];
  2739.                 LOGGER_TRACE(m->log, "F[%2u:%2u] <%s> %s",
                        ^
  2740.                              dht2m[friend_idx], friend_idx, msgfptr->name,
  2741.                              id_to_string(msgfptr->real_pk, id_str, sizeof(id_str)));

toxcore/Messenger.c:2723: error: Uninitialized Value
  The value read from m2dht[_] was never initialized.
  2721. 
  2722.         for (uint32_t friend_idx = 0; friend_idx < num_dhtfriends; ++friend_idx) {
  2723.             if (m2dht[friend_idx] >= 0) {
                        ^
  2724.                 assert(friend_idx < INT32_MAX);
  2725.                 dht2m[m2dht[friend_idx]] = (int32_t)friend_idx;

toxcore/group_chats.c:6190: error: Dead Store
  The value written to &ret (type int) is never used.
  6188.     }
  6189. 
  6190.     int ret = -1;
            ^
  6191.     const uint16_t payload_len = (uint16_t)len;
  6192. 


Found 4 issues
                Issue Type(ISSUED_TYPE_ID): #
  Uninitialized Value(UNINITIALIZED_VALUE): 3
                    Dead Store(DEAD_STORE): 1

Both dht2m and m2dht arrays are initialized to -1 in the loop right after their declaration:

https://github.com/TokTok/c-toxcore/blob/66453439acf79a35eb46fe66a1c72595e7d0c9ca/toxcore/Messenger.c#L2701-L2720

(Note that break breaks just the inner loop; the outer loop runs in its entirety, fully initializing the arrays.)

The VAL macro is defined in https://github.com/TokTok/c-toxcore/blob/66453439acf79a35eb46fe66a1c72595e7d0c9ca/toxcore/ccompat.h and expands to

        int32_t m2dht[num_dhtfriends];
        int32_t dht2m[num_dhtfriends];

if you run gcc -E or clang -E on the code.
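
A reduced, self-contained version of the pattern described in the report, added here as an example (not code from c-toxcore or from the reporter). The integer keys, the function name `count_mapped` and the sample data are assumptions, and whether Infer reports on this reduction has not been checked; running it confirms that every element of both arrays is written before it is read.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reduction: friends are plain integer keys, not toxcore types.
 * Returns how many DHT slots map back to a messenger friend and copies the
 * final dht2m[] into out_dht2m (caller provides num_dht elements). */
int count_mapped(const int *msg_keys, uint32_t num_msg,
                 const int *dht_keys, uint32_t num_dht, int32_t *out_dht2m)
{
    if (num_dht == 0) {
        return 0; /* a zero-length VLA is undefined behaviour */
    }
    int32_t m2dht[num_dht]; /* the expansion quoted in the report */
    int32_t dht2m[num_dht];

    for (uint32_t i = 0; i < num_dht; ++i) {
        m2dht[i] = -1; /* unconditional stores on every outer iteration */
        dht2m[i] = -1;
        for (uint32_t d = 0; i < num_msg && d < num_dht; ++d) {
            if (msg_keys[i] == dht_keys[d]) {
                m2dht[i] = (int32_t)d;
                break; /* leaves the inner loop only */
            }
        }
    }
    for (uint32_t i = 0; i < num_dht; ++i) {
        if (m2dht[i] >= 0) { /* same read shape as Messenger.c:2723 */
            assert(i < INT32_MAX);
            dht2m[m2dht[i]] = (int32_t)i;
        }
    }
    int mapped = 0;
    for (uint32_t i = 0; i < num_dht; ++i) {
        out_dht2m[i] = dht2m[i]; /* same read shape as Messenger.c:2734 */
        mapped += dht2m[i] >= 0 ? 1 : 0;
    }
    return mapped;
}

int main(void)
{
    const int msg_keys[] = {30, 10};         /* constructed sample input */
    const int dht_keys[] = {10, 20, 30, 40}; /* constructed sample input */
    int32_t dht2m[4];
    printf("mapped=%d\n", count_mapped(msg_keys, 2, dht_keys, 4, dht2m));
    return 0;
}
```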
