Open
Description
I encountered a bug in a project that boiled down to something like this, passing the address of an uninitialized local variable as the source for memcpy:
#include <string.h>
void foo(int *out) {
int x;
memcpy(out, &x, sizeof(x));
}The bug was only discovered after upgrading to a more recent clang happened to expose a runtime issue, there was no diagnostic. I found that latest gcc warns about this, but latest clang doesn't, see https://godbolt.org/z/7rd84W7sc
Output from gcc 14.2
<source>: In function 'main':
<source>:7:3: warning: 'x' is used uninitialized [-Wuninitialized]
7 | memcpy(&y, &x, sizeof(x));
| ^~~~~~~~~~~~~~~~~~~~~~~~~
<source>:4:7: note: 'x' declared here
4 | int x;
|
It seems like gcc also more generally emits either -Wuninitialized or -Wmaybe-uninitialized when passing pointers to uninitialized local variables as function parameters, which is partly driven by those parameters being marked const or annotated using attribute access, but at least the memcpy case seems like it would be useful to cover.
Activity