<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/128531>128531</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang] No warning for a memcpy from an uninitialized local variable
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          isbadawi
      </td>
    </tr>
</table>

<pre>
    I encountered a bug that boiled down to something like this, passing the address of an uninitialized local variable as the source for memcpy:

```c
#include <string.h>

void foo(int *out) {
  int x;

 memcpy(out, &x, sizeof(x));
}
```

The bug was only discovered after upgrading to a more recent clang happened to expose a runtime issue, there was no diagnostic. I found that latest gcc warns about this, but latest clang doesn't, see https://godbolt.org/z/7rd84W7sc

Output from gcc 14.2

```
<source>: In function 'main':
<source>:7:3: warning: 'x' is used uninitialized [-Wuninitialized]
    7 |   memcpy(&y, &x, sizeof(x));
 |   ^~~~~~~~~~~~~~~~~~~~~~~~~
<source>:4:7: note: 'x' declared here
 4 |   int x;
      |    
```

It seems like gcc also more generally emits either `-Wuninitialized` or `-Wmaybe-uninitialized` when passing pointers to uninitialized local variables to functions, which is partly driven by parameters marked `const` or annotated using attribute `access`, but at least the memcpy case seems like it would be useful to cover.
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJyEVE2P4ygQ_TXkUurIwXacHHLoj4nUl93LSnMuQ9lmB0MERdLpw_72FTjd09Ot3YmQTKCK-njvFcZoRkd0EO2DaJ9WmHjy4WBijxovZtV7fT08Aznlk2MKpAGhTyPwhAy9N5Y0aH9xwB6in4kn40aw5gcBTyYK-QinHMRlFwLUOlCM4AdAB8kZZ9igNa-kwXqFFs4YDPaWAGPxiD4FRTD4ADPN6nQV9b2oytpWy1L5j6yNUzZpAlE_Rg7GjetJ1N8W27M3GgbvhdwZxyDkvU8s5B5E9yCqe4B8-iLqh8X8LZTcFbNHEHL7kr_RvJIfhNy9CLnPa_Honj7ms7zx10SlUxeM4J29gjZR-fPSw4EpQDqNAXVpjQeE2QeCQIocg7LoRpjwdCJHOt_Ty8lHAoSQHJuZwMSYKOfEEwUqYZwHbXB0PrJRa3iGwSenF6wsMkWGUSm4YHARsPeJ30Hq07vJElt7ik7IrpQfiWBiPsXcfHkU8jh63XvLax9GIY-vQh67oHfN9y6qpfw_E58SwxD8XIJumrX8hFve148LwBmp-h6eHQzJKTbegZDdjCbncIP8V9t8WmefXI5xY94K2b0I2YGJkCLpTwQT7cPd91-ORPtU0AfoQHSPAD-BF3J7_T3yNy_RfvvnP35fE29uyYPzTB-z1qQsZnpkQPPjze35D-SE8luO4SvpnjljNcdFgbnvaKNfqDWSo4DWXoFmwxHIZOaA2Fafu7KtwN8uZrz2dPfl-jKRexf2yZs8G2Km6f9Juhi8wVtYd5mMmjJaJwycJRLMmRz013yAM5VXZww_MnrbSnkX-ZYdOucZOYNckkDmYPrElA1RKYoxd-VG7SwAwshlpCwYg8JIH7tlGC4-WQ09ZfYMyeZ8i2TXK32o9b7e44oOm66pmk1TyW41HahC3G-bYa-6QTa0HSrd7IdW9W2tOtrvV-YgK9lWUjabbd6t-0q1G4ltsxsaWZEUTUUzGru29jxnPa2Ksg8buWvrzcpiTzaW-SxlkaaQMo_qcMgOd30ao2gqayLHn0-wYVuG-uLRPsEf_k0oZZbiWxeKQH8zi1cp2MMn_RueUr9WfhbymMPePnen4P8mxUIeSxlRyOOtkvNB_hsAAP__PlUVMw">