GCC -fanalyzer report error when compiling glad

[Raffaello]

file: glad.c
line: 210
error: use of uninitialized value '*exts_i.20_2 + _4' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]

glad generated 4.3 core.

[lephilousophe]

I can't reproduce this error with a GCC 13.2.1.
Can you provide more detailed instructions?

[Dav1dde]

Thanks for checking, I can't either. Please re-open if you have something we can reproduce.

[Raffaello]

apologies i forgot to mention: This is happening with GCC 14,
Fedora 40 has GCC 14.

[lephilousophe]

I still cannot reproduce using Fedora 40 g++ (GCC) 14.1.1 20240522 (Red Hat 14.1.1-4)

With gl.h from http://glad.sh/#api=gl%3Acore%3D4.3&generator=c&options=ALIAS%2CHEADER_ONLY%2CLOADER and the following glad.c:

#define GLAD_GL_IMPLEMENTATION

#include "gl.h"

int main() {
    gladLoaderLoadGL();
    return 0;
}

And compiling with g++ -o /tmp/glad /tmp/glad.c -fanalyzer.

[Raffaello]

apologies again, the error is a warning by default.

so enabling these switches -Wall -Wextra and enabling warning as error -Werror
with -fanalyzer

it should generate an output like this one:

glad.c:233:13: error: use of uninitialized value '*exts_i.20_2 + _4' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
[build]   233 |             free((char*) exts_i[index]);
[build]       |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
[build]   'find_extensionsGL': events 1-2
[build]     |
[build]     | 1538 | static int find_extensionsGL(void)
[build]     |      |            ^~~~~~~~~~~~~~~~~
[build]     |      |            |
[build]     |      |            (1) entry to 'find_extensionsGL'
[build]     | 1539 | {
[build]     | 1540 |     if (!get_exts())
[build]     |      |          ~~~~~~~~~~
[build]     |      |          |
[build]     |      |          (2) calling 'get_exts' from 'find_extensionsGL'
[build]     |
[build]     +--> 'get_exts': events 3-12
[build]            |
[build]            |  184 | static int get_exts(void)
[build]            |      |            ^~~~~~~~
[build]            |      |            |
[build]            |      |            (3) entry to 'get_exts'
[build]            |......
[build]            |  187 |     if (max_loaded_major < 3)
[build]            |      |        ~    
[build]            |      |        |
[build]            |      |        (4) following 'false' branch...
[build]            |......
[build]            |  197 |         num_exts_i = 0;
[build]            |      |         ~~~~~~~~~~~~~~
[build]            |      |                    |
[build]            |      |                    (5) ...to here
[build]            |  198 |         glGetIntegerv(GL_NUM_EXTENSIONS, &num_exts_i);
[build]            |  199 |         if (num_exts_i > 0)
[build]            |      |            ~
[build]            |      |            |
[build]            |      |            (6) following 'true' branch...
[build]            |  200 |         {
[build]            |  201 |             exts_i = (char**) malloc((size_t) num_exts_i * (sizeof *exts_i));
[build]            |      |                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[build]            |      |                               |      |
[build]            |      |                               |      (7) ...to here
[build]            |      |                               (8) region created on heap here
[build]            |......
[build]            |  204 |         if (exts_i == NULL)
[build]            |      |            ~
[build]            |      |            |
[build]            |      |            (9) following 'false' branch...
[build]            |......
[build]            |  209 |         for (index = 0; index < (unsigned) num_exts_i; index++)
[build]            |      |              ~~~~~~~~~  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[build]            |      |                    |          |
[build]            |      |                    |          (11) following 'false' branch...
[build]            |      |                    (10) ...to here
[build]            |......
[build]            |  223 |     return 1;
[build]            |      |            ~
[build]            |      |            |
[build]            |      |            (12) ...to here
[build]            |
[build]     <------+
[build]     |
[build]   'find_extensionsGL': events 13-16
[build]     |
[build]     | 1540 |     if (!get_exts())
[build]     |      |        ~ ^~~~~~~~~~
[build]     |      |        | |
[build]     |      |        | (13) returning to 'find_extensionsGL' from 'get_exts'
[build]     |      |        (14) following 'false' branch...
[build]     |......
[build]     | 1543 |     free_exts();
[build]     |      |     ~~~~~~~~~~~
[build]     |      |     |
[build]     |      |     (15) ...to here
[build]     |      |     (16) calling 'free_exts' from 'find_extensionsGL'
[build]     |
[build]     +--> 'free_exts': events 17-22
[build]            |
[build]            |  226 | static void free_exts(void)
[build]            |      |             ^~~~~~~~~
[build]            |      |             |
[build]            |      |             (17) entry to 'free_exts'
[build]            |  227 | {
[build]            |  228 |     if (exts_i != NULL)
[build]            |      |        ~     
[build]            |      |        |
[build]            |      |        (18) following 'true' branch...
[build]            |......
[build]            |  231 |         for (index = 0; index < num_exts_i; index++)
[build]            |      |              ~~~~~~~~~  ~~~~~~~~~~~~~~~~~~
[build]            |      |                    |          |
[build]            |      |                    |          (20) following 'true' branch...
[build]            |      |                    (19) ...to here
[build]            |  232 |         {
[build]            |  233 |             free((char*) exts_i[index]);
[build]            |      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~
[build]            |      |             |                  |
[build]            |      |             |                  (21) ...to here
[build]            |      |             (22) use of uninitialized value '*exts_i.20_2 + _4' here
[build]            |
[build] cc1.exe: all warnings being treated as errors

to be more explicit on my CLI gcc switches:

 -g -Wall -Wextra -Wimplicit-fallthrough=5 -Wdouble-promotion -Wformat=2 -Wformat-signedness -Wnull-dereference -Wunused-const-variable -Wduplicated-branches -Wduplicated-cond -Wfloat-equal -Wshadow -Wunsafe-loop-optimizations -Wundef -Wcast-qual -Wwrite-strings -Wrestrict -Winline -Wsuggest-attribute=pure -Wsuggest-attribute=const -Wsuggest-attribute=noreturn -Wmissing-noreturn -Wsuggest-attribute=malloc -Wuse-after-free=3 -Wstrict-overflow=4 -fanalyzer -Wbad-function-cast -Wstrict-prototypes -Wmissing-prototypes -Werror 

I am actually compiling adding a #pragma GCC diagniostic ignore on -Wanalyzer-use-of-uninitialized-value at the top of the generated glad.c file:

#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"

[lephilousophe]

Can you point us to the generated GLAD file? Using a Fedora, with the gl.c file generated using the link of yesterday I fail to get this error.
Anyway, the extended diagnostic you pasted should let me to understand the problem.
What bothers me is that I won't be able to test before submitting a PR.

[lephilousophe]

OK! I think I understand.
It seems you are using Glad 0.1 version and not the Glad 2 version.
I will let @Dav1dde decide if this should be fixed.

EDIT: Even with latest Glad 0.1, I can't reproduce the error message on GCC 14.

[Dav1dde]

I can't see the error in the code even with the diagnostics, is it the unsigned cast? But even if I can't reproduce it, definitely in favor of fixing such bugs.

[Raffaello]

what i used is basically this pacakge:
https://glad.dav1d.de/generated/tmpyvlfqmphglad/

• core opengl 4.3
• generate a loader
• local

p.s.
I don't know if there are any updates on glad since when i generated last time.
I think, if i recall correctly back in April i tried to regenerate in such a case there was an update but there was no changes, except the comments timestamp.

---

This is the header of the glad.h that i am using:

/*
OpenGL loader generated by glad 0.1.36 on Sat Apr 13 13:38:08 2024.

    Language/Generator: C/C++
    Specification: gl
    APIs: gl=4.3
    Profile: core
    Extensions:

    Loader: True
    Local files: True
    Omit khrplatform: False
    Reproducible: False

    Commandline:
        --profile="core" --api="gl=4.3" --generator="c" --spec="gl" --local-files --extensions=""
    Online:
        https://glad.dav1d.de/#profile=core&language=c&specification=gl&loader=on&api=gl%3D4.3
 */

[Dav1dde]

@Raffaello can you try changing

 for (index = 0; index < (unsigned) num_exts_i; index++)

into:

 for (index = 0; index < num_exts_i; index++)

And see if the warning goes away?

[Raffaello]

@Raffaello can you try changing

 for (index = 0; index < (unsigned) num_exts_i; index++)

into:

 for (index = 0; index < num_exts_i; index++)

And see if the warning goes away?

it doesn't fix it.

However i have to apologies again as i misled you before:

the correct set-up to reproduce the error is through MinGW (@lephilousophe )

compiling using MinGW with MSYS2 in windows and GCC 13.2.0 ucrt64 leads to that warning.

Most likely it could be some defines that are not well in place with MinGW and glad, not really a code error.

[Raffaello]

@Raffaello can you try changing

 for (index = 0; index < (unsigned) num_exts_i; index++)

into:

 for (index = 0; index < num_exts_i; index++)

And see if the warning goes away?

removing the cast to unsigned leads to having this error:

	comparison of integer expressions of different signedness: 'unsigned int' and 'int' [-Werror=sign-compare]",

[Dav1dde]

Thanks, didn't consider that, but it should get rid of the other warning, just both uses of the integer need to be consistent, either unsigned or signed then it should be resolved.

[lephilousophe]

The PR #473 will fix this error although I suspect a bug in GCC analyzer.

[Dav1dde]

Fixed with the linked PR!