<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/134103>134103</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            False-positive: code analyzer does not know what "accept()/recvfrom()" does [initializing arguments by pointer]
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          alavrentiev
      </td>
    </tr>
</table>

<pre>
    Consider the following code snippet:
```
struct sockaddr_in addr;
socklen_t addrlen = sizeof(addr);
sock = accept (fd, (struct sockaddr*) &addr, &addrlen);
if (sock < 0) {
// 14←Assuming 'sock' is >= 0
  return False;
}
... /* nothing touches "addr" in the interim */
host = addr.sin_addr.s_addr;
// 18←Assigned value is garbage or undefined
```
At "18" a bogus report is flagged.  Even if the code analyzer did not know what the `accept()` syscall does, giving the function (which can't be previewed at the source code level) the benefit of the doubt, it should be considered that the call did initialize its argument `addr` passed by pointer, thus validating its entire contents.  No garbage.

The same happens for the `recvfrom()` call:
```
if (recvfrom(s_Sock[0], buf, sizeof(buf), 0, (struct sockaddr*) &sin, &sinlen) > 0) {
 ...
 from = sin.sin_addr.s_addr;
 // 13←Assigned value is garbage or undefined
}
```

BTW, using a different technique of dealing with the `accept()` peculiarity causes the same bogus report:
```
union {
  struct sockaddr     sa;
  struct sockaddr_in  in;
  struct sockaddr_in6 in6;
  struct sockaddr_un  un;
} u;
...
fd = accept (sock, &u.sa, &addrlen);
...
assert(u.un.sun_family == AF_UNIX);
// 28←The left operand of '==' is a garbage value
```

</pre>
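<pre>
A defensive way to read the peer address after `accept()`, shown as an added example that is not code from the issue or from LLVM: the storage is zeroed before the call, and the returned length and address family are checked before any `sockaddr_in` field is read. The helper names `peer_ipv4` and `accept_ipv4` are hypothetical.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Hypothetical helper: extract the IPv4 address (network byte order) from an
 * address filled in by accept()/recvfrom(). Returns 0 on success, -1 if too
 * few bytes were written or the peer is not AF_INET. */
int peer_ipv4(const struct sockaddr_storage *ss, socklen_t len, uint32_t *host)
{
    struct sockaddr_in in;

    if (len < (socklen_t) sizeof(in))   /* short or empty address */
        return -1;
    if (ss->ss_family != AF_INET)       /* e.g. AF_UNIX or AF_INET6 */
        return -1;
    memcpy(&in, ss, sizeof(in));        /* copy instead of an aliasing cast */
    *host = in.sin_addr.s_addr;
    return 0;
}

/* Hypothetical wrapper around accept(): returns the new descriptor or -1.
 * *has_host is set to 1 only when *host holds a validated IPv4 address. */
int accept_ipv4(int fd, uint32_t *host, int *has_host)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    int sock;

    *has_host = 0;
    memset(&ss, 0, sizeof(ss));         /* every byte defined before the call */
    sock = accept(fd, (struct sockaddr *) &ss, &len);
    if (sock < 0)
        return -1;
    if (peer_ipv4(&ss, len, host) == 0)
        *has_host = 1;
    return sock;
}
```
</pre>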