If a null value is initialized to a variable then is it possible to get it as a bug in sonarqube or not

For example : in the code below if we haven’t initialized any value to variable a then sonarqube detects it as a bug

int function(int flag, int b) {
  int a;
  if (flag) {
    a = b;
  }
  return a; // Noncompliant - "a" has not been initialized in all paths
}

But when we we initialize a with some function and that function doesn’t return any value then sonarqube doesn’t detect it as a bug for example

int a = getCmtFileFormat();
    printf("hello %d\n", a);

Here we have initialized a with a function and that function is not returning any value or returning null then in this case its not detected as bug by sonarqube.

Hey there.

What version of SonarQube are you using?

we are using SQ version 8.9.6 LTS

Hi @amit.saurabh ,

If I understand your question correctly, the function getCmtFileFormat() is declared as returning an int but does not have a return statement. In that case, the problem is with getCmtFileFormat, because not having a return statement for a non-void function is undefined behavior. Your compiler should emit a warning on the function and SonarQube should detect S935 “non-void function does not return a value”.

Hi @Fred_Tingaud

Our function getCmtFileFormat() has a return statement “return m_cmtFileFormat;”. We would not compile if it does not have a return as we treat that warning as error in our project compiler options.

Regards,
Amit

Hi @amit.saurabh ,
In that case, I’m sorry but I don’t understand what you mean by

we initialize a with some function and that function doesn’t return any value

Could you share some minimal example of code that would have such a problem? Perhaps through a link to godbolt.org?

Hi @Fred_Tingaud ,

Please find the below scenario from our code

int m_cmtFileFormat //declared this variable as integer with no initial value

DrepDataStorage::getCmtFileFormat(void) { return m_cmtFileFormat; } //our getCmtFileFormat function returns m_cmtFileFormat with no initial value

int a = getCmtFileFormat(); // then we are just trying to initialized this function to variable “a”
printf(“hello %d\n”, a); // then trying to print the variable “a”

Here we assume SonarQube should give bug as “Variables should be initialized before use”
because “Variables should be initialized before their use to avoid unexpected behaviors due to garbage values”

Regards,
Amit

Hello @amit.saurabh,

I cannot reproduce the issue. I tried with this simple example:

class UninitClass {
public:
  int getI() const { return i; }  //  S836 is raised here.
private:
  int i;
};

int main(void) {
  UninitClass s;
  int z = s.getI();
  return z;
}

So it must be something special in your example. You can try the simple example and see if it detects it.
Otherwise, the best way to move forward if you want us to investigate the issue is to provide a reproducer file. To generate the reproducer file:

  • Search in the analysis log for the full path of the source file for which you want to create a reproducer (for instance, a file that contains a false-positive). You will have to use exactly this name (same case, / or \…)
  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer= “Full path to the .cpp”
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
  • Please share this file. If you think this file contains private information, let us know, we’ll send you a private message that will allow you to send it privately.