
2011/4/1 Eric Blake <eblake@redhat.com>:
Even with -Wuninitialized (which is part of autobuild.sh --enable-compile-warnings=error), gcc does NOT catch this use of an uninitialized variable:
{ if (cond) goto error; int a = 1; error: printf("%d", a); }
which prints 0 (if the stack was previously wiped) if cond was true. Clang will catch it, but we don't use clang as often. Using gcc -Wjump-misses-init gives false positives:
{ if (cond) goto error; int a = 1; return a; error: return 0; }
Here, a was never used in the scope of the error block, so declaring it after goto is technically fine (and clang agrees); however, given that our HACKING already documents a preference to C89 decl-before-statement, the false positive warning is enough of a prod to comply with HACKING.
[Personally, I'd _really_ rather use C99 decl-after-statement to minimize scope, but until gcc can efficiently and reliably catch scoping and uninitialized usage bugs, I'll settle with the compromise of enforcing a coding standard that rejects false positives.]
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 9082515..b03f774 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -51,8 +51,8 @@ int qemuDomainChangeEjectableMedia(struct qemud_driver *driver, int i; int ret; char *driveAlias = NULL; + qemuDomainObjPrivatePtr priv;
- origdisk = NULL; for (i = 0 ; i < vm->def->ndisks ; i++) { if (vm->def->disks[i]->bus == disk->bus && STREQ(vm->def->disks[i]->dst, disk->dst)) {
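Review bot: Dropping "origdisk = NULL;" ahead of the for loop is only safe if origdisk already has an initializer at its declaration, and that declaration lies outside this hunk's context, so the commit message should say so or the hunk should carry enough context to show it. The added "qemuDomainObjPrivatePtr priv;" is likewise declared without an initializer and its assignment is not visible here; since the point of the change is to stop jumps from skipping initializers, check that priv is assigned before the first goto that can reach code reading it, or give it its value at the declaration.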
I had to look it up in the source, as it is not visible in the context that it's okay to remove origdisk = NULL, but origdisk is already initialized to NULL, so this second assignment is not necessary.

ACK.

Matthias
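The decl-before-statement convention discussed in this thread, as an added example that is not taken from the patch or from libvirt: every variable the cleanup label reads is declared and initialized before the first goto, so no jump can skip an initializer and the code stays quiet under gcc -Wjump-misses-init. The function join_path and its behaviour are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libvirt code): builds "dir/name" in a newly
 * allocated string. Returns 0 and sets *out on success, -1 on failure. */
int join_path(const char *dir, const char *name, char **out)
{
    /* C89 style: all declarations first, each with a safe initial value. */
    int ret = -1;          /* pessimistic default, returned from cleanup */
    char *buf = NULL;      /* free(NULL) is a no-op, so cleanup is always safe */
    size_t dirlen = 0;
    size_t namelen = 0;

    if (!out)
        return -1;
    *out = NULL;

    if (!dir || !name)
        goto cleanup;      /* no declaration sits between here and the label */

    dirlen = strlen(dir);
    namelen = strlen(name);
    if (namelen == 0)
        goto cleanup;

    buf = malloc(dirlen + 1 + namelen + 1);
    if (!buf)
        goto cleanup;

    memcpy(buf, dir, dirlen);
    buf[dirlen] = '/';
    memcpy(buf + dirlen + 1, name, namelen + 1); /* includes the trailing NUL */

    *out = buf;
    buf = NULL;            /* ownership moved to the caller; do not free below */
    ret = 0;

cleanup:
    free(buf);
    return ret;
}
```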