[tz] tzcode: uninitialized sp->charcnt gives clang analyzer warning

[Paul Eggert]

On 8/11/21 1:47 AM, Jan Engelhardt wrote:
> But I have a platform where malloc does set errno on failure, hence I
> am looking (only) at the -DHAVE_MALLOC_ERRNO=1 configuration and
> what clang outputs there.

Although the platform's malloc sets errno on failure, the static 
analyzer incorrectly assumes otherwise. You can work around this problem 
by compiling with -DHAVE_MALLOC_ERRNO=1 (the default) for the platform, 
and by running the static analyzer with -DHAVE_MALLOC_ERRNO=0. Or, if 
it's an absolute requirement to do static analysis and compilation with 
the same flags and to get 100% clean reports, then use 
-DHAVE_MALLOC_ERRNO=0 for both compilation and static analysis: although 
this might lose some errno information at runtime, that's less important 
than an absolute requirement and it's better than propagating junk errno 
values. Alternatively, you can write a script to remove the incorrect 
static-analyzer diagnostic, or simply ignore the diagnostic; this is a 
very common thing to do in such situations.

Of course it would be better if the static analyzer didn't make 
incorrect assumptions about the underlying platform. A bug report to the 
Clang maintainers would be in order, if this problem is sufficiently 
annoying.

There's nothing unusual about this sort of thing. I've run many static 
analyses using Coverity, GCC, Clang, etc. and there are almost 
invariably glitches where static analysis issues false alarms. And 
although I've sent in my fair share of bug reports, this area continues 
to be buggy. The thing to remember in cases like these is that static 
analysis should be one's servant, not one's master.