CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


LANG.MEM.UVAR : Uninitialized Variable

Summary

An attempt is made to use the value of a variable that has not been initialized.

When MOVED_FROM_UV_CHECK_ENABLED=Yes, this includes attempts to use the value of a variable that has been left in a moved-from state after applying a move constructor or move assignment (C++ code only).

This warning is not issued when an uninitialized variable is never used.

Properties

Class name Uninitialized Variable
Japanese class name 未初期化変数
Classification security
Mnemonic LANG.MEM.UVAR
Categories
MisraC2025 MisraC2025:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC2025:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  MisraC2025:D.4.1 Run-time failures shall be minimized
MisraC2023 MisraC2023:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC2023:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  MisraC2023:D.4.1 Run-time failures shall be minimized
Misra2012 Misra2012:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  Misra2012:9.1 The value of an object with automatic storage duration shall not be read before it has been set
  Misra2012:D.4.1 Run-time failures shall be minimized
Misra2004 Misra2004:9.1 All automatic variables shall have been assigned a value before being used
AUTOSARC++14 AUTOSARC++14:A8-5-0 All memory shall be initialized before it is read.
  AUTOSARC++14:A12-8-3 Moved-from object shall not be read-accessed.
MisraC++2008 MisraC++2008:8-5-1 All variables shall have a defined value before they are used.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:11.6.2 The value of an object shall not be read before it has been set
CWE CWE:457 Use of Uninitialized Variable
  CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  CWE:908 Use of Uninitialized Resource
  CWE:1419 Incorrect Initialization of Resource
TS17961 TS17961:5.34-uninitref Referencing uninitialized memory
CERT-C CERT-C:EXP33-C Do not read uninitialized memory
  CERT-C:FIO40-C Reset strings on fgets() or fgetws() failure
CERT-CPP CERT-CPP:EXP53-CPP Do not read uninitialized memory
  CERT-CPP:EXP63-CPP Do not rely on the value of a moved-from object
  CERT-CPP:OOP55-CPP Do not use pointer-to-member operators to access nonexistent members
JSF++ JSF++:70.1 An object shall not be improperly used before its lifetime begins or after its lifetime ends.
  JSF++:71 Calls to an externally visible operation of an object, other than its constructors, shall not be allowed until the object has been fully initialized.
  JSF++:142 All variables shall be initialized before use.
Supported languages Available for C and C++.
Enabling/disabling Checks for this warning class are enabled by default. To disable the check, add the following WARNING_FILTER rule to the project configuration file.
WARNING_FILTER += discard class="Uninitialized Variable"

#include <iostream>
#include <utility>

//  Example 1: simple uninitialized variable

void lang_mem_uvar_simple(void){
    int i,j;
    int *p;

    std::cout << j << "\n"; // 'Uninitialized Variable' warning issued here

    // No warnings are issued in any of the following statements.
    // - Each of them is dead code: executing has no effect on program state,
    //   even though i is not initialized.
    // - An optimizing compiler may remove any or all of these statements.
    i;
    i + 1;
    &p[i];
}

// Example 2: uninitialized variable due to an object being left in
// moved-from state.

class C {
  private:
    int *p;
  public:
    C() =default;                                // Default constructor
    constexpr C(const C&) =default;              // Copy constructor
    C(C && other) : p(std::move(other.p)){}      // Move constructor
    constexpr C& operator=(const C&) =default;   // Copy assignment

  int get(void){
    return p ? *p : 0;      // 'Uninitialized Variable' warning issued here
                            // when MOVED_FROM_UV_CHECK_ENABLED=Yes
  }
};

int useC(C c){return c.get();}

int lang_mem_uvar_movefrom_C(C c){
    int i = 0;
    i += c.get();                           // ok : no program path in which c is in moved-from state
    i += useC(std::move(c));                // c moved-from
    i += c.get();            // Warning issued because c is used while
                             // in moved-from state: warning endpoint
                             // is in the C::get() definition above.
    c = C();                                // c no longer moved-from
    i += c.get();                           // ok: c not in moved-from state
    return i;
}
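
The examples above read a variable that is never written on any path. The following added example (not from the CodeSonar manual) shows the path-dependent form covered by CWE:457 and CERT-C:EXP33-C, where a variable is written only on the success path of a helper, next to a corrected version. The names parse_port, port_unchecked and port_or_default are hypothetical.

```cpp
#include <cerrno>
#include <cstdlib>
#include <iostream>

// Hypothetical helper: parses a decimal TCP port (1..65535).
// It writes *out only when it returns true.
bool parse_port(const char *s, long *out) {
    if (s == nullptr || *s == '\0') return false;
    char *end = nullptr;
    errno = 0;
    long v = std::strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535) return false;
    *out = v;
    return true;
}

// Before: the return value is ignored, so on the failure path 'port'
// is read while it still has no defined value.
long port_unchecked(const char *s) {
    long port;                // not initialized
    parse_port(s, &port);     // may return false without writing 'port'
    return port;              // uninitialized read when parsing failed
}

// After: 'port' has a defined value on every path and the helper's
// result decides whether the parsed value is used at all.
long port_or_default(const char *s, long fallback) {
    long port = fallback;
    if (!parse_port(s, &port)) return fallback;
    return port;
}

int main() {
    // Constructed sample inputs; only the corrected function is called.
    const char *samples[] = {"443", "", "70000", "12ab"};
    for (const char *s : samples)
        std::cout << '"' << s << "\" -> " << port_or_default(s, 8080) << "\n";
    return 0;
}
```
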

Related configuration file parameters

The following configuration file parameters affect the checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.