Hi all,
Regarding the topic: Uninitialized value used but not pointed out in C code.
This example did use an uninitialized variable, but due to a limitation of SonarQube, this issue becomes a hidden leak.
Examples:
In test.h:
struct str{int a;};
void func(struct str *);
In test.c:
#include "test.h"
void func(struct str *s)
{
    /* reads s->a, which the caller may never have initialized */
    if (s->a == x)
        DOSOMETHING
}
In main1.c:
#include "test.h"
int main(void)
{
struct str s;
func(&s);
}
In main2.c:
#include "test.h"
int main(void)
{
struct str s = {0};
func(&s);
}
In main1.c, we did not give s any initial value, so in func() the conditional statement will do something unpredictable.
main2.c should be the safe way to use the function.
I guess this could be seen as a Security Hotspot issue?
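Added example, not the poster's code: a single-file reworking of the str/func example above. Because a per-translation-unit analyzer cannot see that main1.c hands func() an indeterminate struct, this version makes the failure deterministic instead: an assumed debug macro STR_DECLARE fills the object with a 0xAA poison pattern, an assumed str_init() constructor is the main2.c initialization wrapped for every caller, and func() takes the comparison value (the poster's `x`) as a parameter and returns a result in place of DOSOMETHING so the outcome can be checked. The poison value, macro and helper names are all assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Same shape as the poster's test.h. */
struct str { int a; };

/* Debug-build poison (assumed helper, not from the original post): fill the
   object's bytes with 0xAA before use. An int made of 0xAA bytes is
   0xAAAAAAAA, which func() then recognises. The unsigned-to-int conversion is
   implementation-defined; gcc and clang wrap modulo 2^32. */
#define STR_POISON_BYTE 0xAAu
#define STR_POISON_INT  ((int)0xAAAAAAAAu)
#define STR_DECLARE(name) \
    struct str name;      \
    memset(&(name), STR_POISON_BYTE, sizeof(name))

/* Explicit constructor (assumed): the pattern main2.c uses, wrapped so every
   caller gets it. memset defines every byte, padding included. */
void str_init(struct str *s, int a)
{
    memset(s, 0, sizeof *s);
    s->a = a;
}

/* 1 if the caller poisoned the object with STR_DECLARE and never assigned .a. */
int str_looks_uninitialized(const struct str *s)
{
    return s->a == STR_POISON_INT;
}

/* func(): -1 for a NULL or still-poisoned object, otherwise the result of the
   comparison the poster's func() performs (1 if s->a == x, else 0). */
int func(const struct str *s, int x)
{
    if (s == NULL || str_looks_uninitialized(s))
        return -1;
    return s->a == x;
}

/* main1.c-style caller, but declared with STR_DECLARE: the read is now
   deterministic and func() reports it instead of branching on garbage. */
int caller_uninitialized(void)
{
    STR_DECLARE(s);
    return func(&s, 0);        /* -1 */
}

/* main2.c-style caller: aggregate initializer, every member defined. */
int caller_zeroed(void)
{
    struct str s = {0};
    return func(&s, 0);        /* 1 */
}

/* Poisoned first, then properly initialized through the constructor. */
int caller_constructed(void)
{
    STR_DECLARE(s);
    str_init(&s, 7);
    return func(&s, 7);        /* 1 */
}

/* Objects with static storage duration are zero-initialized by the C standard,
   so this call is well-defined without an explicit initializer. */
int caller_static(void)
{
    static struct str s;
    return func(&s, 0);        /* 1 */
}
```

Two caveats. The poison check only catches callers that use STR_DECLARE, and a legitimate value of 0xAAAAAAAA would be misreported, so it belongs in debug builds only. The original main1.c stays undefined behaviour; the tools that do report it are dynamic ones, since the read of indeterminate memory happens at run time: valgrind's memcheck prints "Conditional jump or move depends on uninitialised value(s)" at the `if`, and clang's MemorySanitizer (-fsanitize=memory) aborts on the same branch.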