facebook / infer

A static analyzer for Java, C, C++, and Objective-C
http://fbinfer.com/
MIT License

False positive Uninitialized Value in C code #1802

Open nurupo opened 6 months ago

nurupo commented 6 months ago

Version: v1.1.0

System: Debian Bullseye

Command:

infer --no-progress-bar -- cc \
          auto_tests/auto_test_support.c \
          auto_tests/lossless_packet_test.c \
          testing/misc_tools.c \
          toxav/*.c \
          toxcore/*.c \
          toxcore/*/*.c \
          toxencryptsave/*.c \
          third_party/cmp/*.c \
          -lpthread \
          $(pkg-config --cflags --libs libsodium opus vpx)

ran in the root directory of https://github.com/TokTok/c-toxcore repository.

Infer incorrectly reports Uninitialized Value:

Capturing in make/cc mode...
Found 79 source files to analyze in /root/work/infer-out

toxcore/Messenger.c:2734: error: Uninitialized Value
  The value read from dht2m[_] was never initialized.
  2732. 
  2733.         for (uint32_t friend_idx = 0; friend_idx < num_dhtfriends; ++friend_idx) {
  2734.             const Friend *const msgfptr = dht2m[friend_idx] >= 0 ?  &m->friendlist[dht2m[friend_idx]] : nullptr;
                                                  ^
  2735.             const DHT_Friend *const dhtfptr = dht_get_friend(m->dht, friend_idx);
  2736. 

toxcore/Messenger.c:2739: error: Uninitialized Value
  The value read from dht2m[_] was never initialized.
  2737.             if (msgfptr != nullptr) {
  2738.                 char id_str[IDSTRING_LEN];
  2739.                 LOGGER_TRACE(m->log, "F[%2u:%2u] <%s> %s",
                        ^
  2740.                              dht2m[friend_idx], friend_idx, msgfptr->name,
  2741.                              id_to_string(msgfptr->real_pk, id_str, sizeof(id_str)));

toxcore/Messenger.c:2723: error: Uninitialized Value
  The value read from m2dht[_] was never initialized.
  2721. 
  2722.         for (uint32_t friend_idx = 0; friend_idx < num_dhtfriends; ++friend_idx) {
  2723.             if (m2dht[friend_idx] >= 0) {
                        ^
  2724.                 assert(friend_idx < INT32_MAX);
  2725.                 dht2m[m2dht[friend_idx]] = (int32_t)friend_idx;

toxcore/group_chats.c:6190: error: Dead Store
  The value written to &ret (type int) is never used.
  6188.     }
  6189. 
  6190.     int ret = -1;
            ^
  6191.     const uint16_t payload_len = (uint16_t)len;
  6192. 

Found 4 issues
                Issue Type(ISSUED_TYPE_ID): #
  Uninitialized Value(UNINITIALIZED_VALUE): 3
                    Dead Store(DEAD_STORE): 1

Both dht2m and m2dht arrays are initialized to -1 in the loop right after their declaration:

https://github.com/TokTok/c-toxcore/blob/66453439acf79a35eb46fe66a1c72595e7d0c9ca/toxcore/Messenger.c#L2701-L2720

(Note that break breaks just the inner loop, the outer loop runs in its entirety, fully initializing the arrays).

The VAL macro is defined in https://github.com/TokTok/c-toxcore/blob/66453439acf79a35eb46fe66a1c72595e7d0c9ca/toxcore/ccompat.h and expands to

        int32_t m2dht[num_dhtfriends];
        int32_t dht2m[num_dhtfriends];

if you run gcc -E or clang -E on the code.
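A minimal reconstruction of the pattern the report is about, added here as an example and not code from the c-toxcore project or from the issue: two VLAs are filled with -1 right after declaration, a nested loop with an inner `break` fills the forward map, and a second loop derives the reverse map. The entry type, key length, and sample tables are constructed for the demo; the function names `build_maps` and `demo_round_trip` are hypothetical. Every read of `m2dht` and `dht2m` after the initialization loops sees either -1 or a valid index, which is the point the report misses.

```c
#include <stdint.h>
#include <string.h>

#define PK_LEN 4 /* constructed: short stand-in for a public key */

/* Constructed stand-in for a friend record on either side. */
typedef struct {
    uint8_t pk[PK_LEN];
} Entry;

/* Fill m2dht (messenger index -> DHT index) and dht2m (DHT index -> messenger
 * index) the way the Messenger.c loops do. Both arrays are set to -1 first, so
 * every later read is of an initialized value. Returns the number of matches. */
static uint32_t build_maps(const Entry *mfriends, uint32_t num_m,
                           const Entry *dhtfriends, uint32_t num_dht,
                           int32_t *m2dht, int32_t *dht2m)
{
    for (uint32_t i = 0; i < num_m; ++i) {
        m2dht[i] = -1;
    }
    for (uint32_t j = 0; j < num_dht; ++j) {
        dht2m[j] = -1;
    }

    for (uint32_t i = 0; i < num_m; ++i) {
        for (uint32_t j = 0; j < num_dht; ++j) {
            if (memcmp(mfriends[i].pk, dhtfriends[j].pk, PK_LEN) == 0) {
                m2dht[i] = (int32_t)j;
                break; /* leaves only the inner loop; the outer loop continues */
            }
        }
    }

    uint32_t matched = 0;
    for (uint32_t i = 0; i < num_m; ++i) {
        if (m2dht[i] >= 0) { /* reads an initialized value: -1 or an index */
            dht2m[m2dht[i]] = (int32_t)i;
            ++matched;
        }
    }
    return matched;
}

/* Run the maps over a constructed input using VLAs, as the VAL macro expands
 * to. Returns the number of DHT slots whose reverse entry points back at the
 * right messenger friend, or -1 if the two maps disagree. */
int demo_round_trip(void)
{
    const Entry mf[3] = { { { 1, 1, 1, 1 } }, { { 2, 2, 2, 2 } }, { { 3, 3, 3, 3 } } };
    const Entry dhtf[4] = { { { 9, 9, 9, 9 } }, { { 3, 3, 3, 3 } },
                            { { 1, 1, 1, 1 } }, { { 8, 8, 8, 8 } } };
    const uint32_t num_m = 3;
    const uint32_t num_dht = 4;

    int32_t m2dht[num_m];   /* VLA, sized at runtime */
    int32_t dht2m[num_dht]; /* VLA, sized at runtime */

    uint32_t matched = build_maps(mf, num_m, dhtf, num_dht, m2dht, dht2m);

    int consistent = 0;
    for (uint32_t j = 0; j < num_dht; ++j) {
        if (dht2m[j] >= 0) { /* initialized: -1 or a messenger index */
            if (m2dht[dht2m[j]] != (int32_t)j) {
                return -1;
            }
            ++consistent;
        }
    }
    return (uint32_t)consistent == matched ? consistent : -1;
}
```

With the constructed tables, friends 1 and 3 are present in the DHT at slots 2 and 1, so `demo_round_trip` returns 2. Building this file with `-Wall` under gcc or clang, or running it under MemorySanitizer (`clang -fsanitize=memory`) or Valgrind, is a practical cross-check for a reported uninitialized read: those tools trace actual execution and stay silent here, because the initialization loops run before any read.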