https://bugs.winehq.org/show_bug.cgi?id=37132
Bug ID: 37132
Summary: Clang Static Analyzer: Uninitialized array item
Product: Wine
Version: 1.7.22
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: lukebenes@hotmail.com
Clang Static Analyzer identifies an uninitialized array item
File: dlls/avifil32/api.c
Location: line 1753, column 10
Description: Assigned value is garbage or undefined
#define MAX_AVISTREAMS 8
...
HRESULT WINAPI AVISaveVW(....int nStreams ....)
{
  ...
  //Declaring 8-item array, [0..7]
  PAVISTREAM pInStreams[MAX_AVISTREAMS];
  ...
  if (nStreams >= MAX_AVISTREAMS) {
    WARN(...);
    return AVIERR_INTERNAL;
  }
  ...
  //Initializing first 7 items, [0..6].
  for (curStream = 0; curStream < nStreams; curStream++) {
    pInStreams[curStream] = NULL;
    pOutStreams[curStream] = NULL;
  }
  ...
  for (curStream = 0; curStream < nStreams; curStream++) {
    ...
    if (curStream + 1 >= nStreams) {
      /* move the others one up */
      PAVISTREAM *ppas = &pInStreams[curStream];
      int n = nStreams - (curStream + 1);

      do {
        *ppas = pInStreams[curStream + 1]; //Clang: Assigned value is garbage or undefined
      } while (--n);
    }
    ...
  }
  ...
}
In this code, an array of 8 items is declared. The code will continue executing as long as the nStreams variable is less than 8, i.e. 7 at most. All the loops in this function with the conditional statement (curStream < nStreams) fail to iterate through the last item, both before its initialization and when using it. The line Clang displayed the message on is exactly the line where the eighth item, with index 7, is accessed, as the (curStream + 1 >= nStreams) condition will be true at curStream == 6 and nStreams == 7. Addressing pInStreams[curStream + 1] there yields the last, previously uninitialized item.
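The following is an added example written for this page; it is not Wine's code and not the fix that landed in Wine. It models the two loops quoted above with a shadow "initialized" flag per slot, so the index of the first read-before-init can be computed deterministically instead of actually reading garbage (which is undefined behaviour), and it puts a hardened "move the others one up" next to it. MAX_AVISTREAMS and the (curStream + 1 >= nStreams) condition are taken from the report; the function names first_uninitialized_read, remove_stream and remove_stream_demo, and the int tags standing in for PAVISTREAM handles, are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_AVISTREAMS 8   /* same bound as the report */

/* Shadow-tracked model of the loops quoted in the report (an added
 * example, not Wine's code). Rather than performing the real read of an
 * uninitialized PAVISTREAM, each slot carries an "initialized" flag and
 * the model stops at the first slot read while its flag is still clear.
 * Returns that index, -1 if every read hit an initialized slot, or -2 on
 * the nStreams >= MAX_AVISTREAMS error path. */
static int first_uninitialized_read(int nStreams)
{
    void *pInStreams[MAX_AVISTREAMS];          /* stands in for PAVISTREAM[] */
    bool  initialized[MAX_AVISTREAMS] = { false };
    int   curStream;

    if (nStreams < 0 || nStreams >= MAX_AVISTREAMS)
        return -2;                             /* AVIERR_INTERNAL in the report */

    /* Same bound as the report: slots [0..nStreams-1] only. */
    for (curStream = 0; curStream < nStreams; curStream++) {
        pInStreams[curStream] = NULL;
        initialized[curStream] = true;
    }

    for (curStream = 0; curStream < nStreams; curStream++) {
        if (curStream + 1 >= nStreams) {       /* only true at curStream == nStreams-1 */
            void **ppas = &pInStreams[curStream];
            int    n    = nStreams - (curStream + 1);
            do {
                int src = curStream + 1;       /* == nStreams, in bounds but never initialized */
                if (!initialized[src])
                    return src;                /* the read Clang flags */
                *ppas = pInStreams[src];
                initialized[curStream] = true;
            } while (--n);
            /* n starts at 0 whenever the condition holds, so the quoted
             * do/while would not stop on its own; the model never gets
             * past the first read because that slot is uninitialized. */
        }
    }
    return -1;
}

/* Hardened replacement this editor would suggest (an assumption, not
 * Wine's fix): keep every slot of the fixed-size array initialized, shift
 * only the nStreams - (skip + 1) entries that follow the removed one, and
 * never read past index nStreams - 1. Returns the new count or -1 on bad input. */
static int remove_stream(int *streams, int nStreams, int skip)
{
    if (nStreams < 1 || nStreams >= MAX_AVISTREAMS || skip < 0 || skip >= nStreams)
        return -1;
    if (skip + 1 < nStreams)                   /* anything left to move up? */
        memmove(&streams[skip], &streams[skip + 1],
                (size_t)(nStreams - (skip + 1)) * sizeof streams[0]);
    streams[nStreams - 1] = 0;                 /* slot vacated by the shift */
    return nStreams - 1;
}

/* Driver: build nStreams tagged entries (tag i+1 in slot i, the rest 0),
 * drop the one at `skip`, and copy the whole array to `out`. */
static int remove_stream_demo(int nStreams, int skip, int out[MAX_AVISTREAMS])
{
    int streams[MAX_AVISTREAMS] = { 0 };       /* every slot defined up front */
    int i, count;

    if (nStreams < 0 || nStreams >= MAX_AVISTREAMS)
        return -1;
    for (i = 0; i < nStreams; i++)
        streams[i] = i + 1;
    count = remove_stream(streams, nStreams, skip);
    memcpy(out, streams, sizeof streams);
    return count;
}

int main(void)
{
    int out[MAX_AVISTREAMS], i;

    printf("report's loops, nStreams=7: first uninitialized read at index %d\n",
           first_uninitialized_read(7));
    printf("hardened, nStreams=7, drop last: count=%d slots=",
           remove_stream_demo(7, 6, out));
    for (i = 0; i < MAX_AVISTREAMS; i++)
        printf("%d ", out[i]);
    printf("\n");
    return 0;
}
```

For every nStreams from 1 to 7 the modelled loops read slot nStreams, which the initialization loop never touched; with nStreams == 7 that is index 7, the case the report spells out. The hardened version sidesteps the whole class: the array is fully defined at declaration, and the shift is bounded by the count of entries that exist rather than by a do/while that starts from n == 0.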