JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++
Binaries

LANG.MEM.UVAR : Uninitialized Variable

Summary

An attempt to use the value of a variable that has not been initialized.

When MOVED_FROM_UV_CHECK_ENABLED=Yes, this includes attempts to use the value of a variable that has been left in a moved-from state after applying a move constructor or move assignment (C++ code only).

Occurrences of uninitialized variables in dead code (code with no effect on program behavior under any circumstances) do not trigger warnings of this class.

Properties

Class Name Uninitialized Variable
Significance security
Mnemonic LANG.MEM.UVAR
Categories
MisraC2025 MisraC2025:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC2025:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  MisraC2025:D.4.1 Run-time failures shall be minimized
MisraC2023 MisraC2023:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC2023:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  MisraC2023:D.4.1 Run-time failures shall be minimized
Misra2012 Misra2012:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  Misra2012:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  Misra2012:D.4.1 Run-time failures shall be minimized
Misra2004 Misra2004:9.1 All automatic variables shall have been assigned a value before being used
AUTOSARC++14 AUTOSARC++14:A8-5-0 All memory shall be initialized before it is read.
  AUTOSARC++14:A12-8-3 Moved-from object shall not be read-accessed.
MisraC++2008 MisraC++2008:8-5-1 All variables shall have a defined value before they are used.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:11.6.2 The value of an object shall not be read before it has been set
CWE CWE:457 Use of Uninitialized Variable
  CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  CWE:908 Use of Uninitialized Resource
  CWE:1419 Incorrect Initialization of Resource
TS17961 TS17961:5.34-uninitref Referencing uninitialized memory
CERT-C CERT-C:EXP33-C Do not read uninitialized memory
  CERT-C:FIO40-C Reset strings on fgets() or fgetws() failure
CERT-CPP CERT-CPP:EXP53-CPP Do not read uninitialized memory
  CERT-CPP:EXP63-CPP Do not rely on the value of a moved-from object
  CERT-CPP:OOP55-CPP Do not use pointer-to-member operators to access nonexistent members
JSF++ JSF++:70.1 An object shall not be improperly used before its lifetime begins or after its lifetime ends.
  JSF++:71 Calls to an externally visible operation of an object, other than its constructors, shall not be allowed until the object has been fully initialized.
  JSF++:142 All variables shall be initialized before use.
Availability Available for C and C++.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += discard class="Uninitialized Variable"

Example 

#include <iostream>
#include <utility>

//  Example 1: simple uninitialized variable

void lang_mem_uvar_simple(void){
    int i,j;
    int *p;

    std::cout << j << "\n"; // 'Uninitialized Variable' warning issued here

    // No warnings are issued in any of the following statements.
    // - Each of them is dead code: executing has no effect on program state,
    //   even though i is not initialized.
    // - An optimizing compiler may remove any or all of these statements.
    i;
    i + 1;
    &p[i];
}

// Example 2: uninitialized variable due to an object being left in
// moved-from state.

class C {
  private:
    int *p;
  public:
    C() =default;                                // Default constructor
    constexpr C(const C&) =default;              // Copy constructor
    C(C && other) : p(std::move(other.p)){}      // Move constructor
    constexpr C& operator=(const C&) =default;   // Copy assignment

  int get(void){
    return p ? *p : 0;      // 'Uninitialized Variable' warning issued here
                            // when MOVED_FROM_UV_CHECK_ENABLED=Yes
  }
};

int useC(C c){return c.get();}

int lang_mem_uvar_movefrom_C(C c){
    int i = 0;
    i += c.get();                           // ok : no program path in which c is in moved-from state
    i += useC(std::move(c));                // c moved-from
    i += c.get();            // Warning issued because c is used while
                             // in moved-from state: warning endpoint
                             // is in the C::get() definition above.
    c = C();                                // c no longer moved-from
    i += c.get();                           // ok: c not in moved-from state
    return i;
}

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.