UNINIT.CTOR.MIGHT
Uninitialized variable in constructor possible
The UNINIT.CTOR.MIGHT checker finds class variables that may not have been initialized in the constructor.
Vulnerability and risk
In C++, primitive data type variables need to be initialized explicitly. Use of uninitialized members in class methods typically leads to unpredictable behavior, and may have security implications.
Mitigation and prevention
To avoid use of uninitialized variables, make sure that constructors initialize all class fields.
Vulnerable code example
  class C {
      int i;
    public:
      C(bool flag) {
        if (flag) i = 0;
      }
  };

Klocwork flags line 6, indicating that the value of the 'this->i' variable might remain uninitialized when the constructor exits.
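Two ways to give 'i' a defined value on every path through the constructor, shown as an added example that is not part of the original checker documentation. The class names CDefaultInit and CInitList, the value() accessor, and the kUnset sentinel are assumptions made for illustration.

```cpp
#include <cstdio>

// Constructed sentinel meaning "flag was false"; an assumption of this example.
constexpr int kUnset = -1;

// Option 1: default member initializer. 'i' has a defined value before the
// constructor body runs, so the branch that skips the assignment is harmless.
class CDefaultInit {
    int i = kUnset;
  public:
    explicit CDefaultInit(bool flag) {
        if (flag) i = 0;
    }
    int value() const { return i; }
};

// Option 2: member initializer list that covers both outcomes of 'flag',
// leaving no path on which 'i' is read before it is written.
class CInitList {
    int i;
  public:
    explicit CInitList(bool flag) : i(flag ? 0 : kUnset) {}
    int value() const { return i; }
};

int main() {
    // Both classes yield the same, fully defined result for either flag value.
    std::printf("%d %d\n", CDefaultInit(true).value(), CDefaultInit(false).value());
    std::printf("%d %d\n", CInitList(true).value(), CInitList(false).value());
    return 0;
}
```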




