I saw a false positive where the analyzer made wrong conclusions about a static variable.
Static variables that are not written have known values (initialized values).
This is the (simplified) code that motivated me to create this patch:
static char *allv[] = { "rpcgen", "-s", "udp", "-s", "tcp", };
static int allc = sizeof(allv) / sizeof(allv[0]);

static void f(void) {
  int i;
  for (i = 1; i < allc; i++) {
    const char *p = allv[i]; // <- line 28
    i++;
  }
}
Clang output:
array-fp3.c:28:19: warning: Access out-of-bound array element (buffer overflow)
    const char *p = allv[i];
                    ^~~~~~~
I added test cases that show this patch solves both false positives and false negatives.
Usually, we do not like big recursions since they might eat up the stack.
Also, do you consider the case when the variable is passed by reference to a function in another translation unit?
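The two situations discussed above, as an added illustration that is not part of the patch or its test cases: a static array and count that are never written (so their values are exactly their initializers, and the motivating loop with its double increment stays in bounds), next to a static variable whose address is handed to a function the analyzer cannot see. The function `bump_limit` is a hypothetical stand-in for one defined in another translation unit; it is defined at the bottom only so the file links on its own.

```c
#include <stddef.h>
#include <stdio.h>

/* Case 1: never written anywhere in this translation unit.
 * allc is exactly sizeof(allv)/sizeof(allv[0]) == 5, so an analyzer may use
 * that value and prove every allv[i] access below is in bounds. */
static const char *allv[] = { "rpcgen", "-s", "udp", "-s", "tcp" };
static int allc = sizeof(allv) / sizeof(allv[0]);

/* Walks allv[] like the motivating loop (two increments per iteration) and
 * returns how many elements were read. Visits index 1 and 3 only, so it
 * returns 2 and never reads past the end: i < allc is checked first. */
int count_visited(void) {
    int visited = 0;
    for (int i = 1; i < allc; i++) {
        const char *p = allv[i];
        if (p != NULL)
            visited++;
        i++;
    }
    return visited;
}

/* Case 2: the address of a static escapes to an opaque function.
 * bump_limit is a hypothetical stand-in for a function in another TU; once
 * &limit is passed to it, "never written" no longer holds for limit and the
 * initializer value 3 must not be assumed after the call. */
static int limit = 3;

void bump_limit(int *p);

/* Returns the value of limit after the escape. Each call adds 10, so the
 * first call returns 13 (constructed values for the illustration). */
int limit_after_escape(void) {
    bump_limit(&limit);
    return limit;
}

/* Stand-in definition so the file is self-contained; in a real build this
 * body would live in a different .c file, invisible to the analyzer. */
void bump_limit(int *p) { *p += 10; }

int main(void) {
    printf("elements visited: %d\n", count_visited());
    printf("limit after escape: %d\n", limit_after_escape());
    return 0;
}
```

The first function is the case the patch targets (a static that is only ever read keeps its initializer), the second is the case raised in the last comment: as soon as the variable's address reaches code outside the translation unit, the initializer can no longer be trusted as its value.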