Can't understand VS2015 Analyzer report

Question

The analyzer reports that a certain parameter is not initialized. I fail to understand why.

The code:

LPTSTR buffer = NULL;
DWORD reqSize = 16000;
DWORD dataType;
LPTSTR * array;
DWORD szChars;
BOOL bRegProp;

// Allocate buffer according to required size
buffer = new TCHAR[(reqSize /sizeof(TCHAR))+2];
if(!buffer)
    return NULL;

// Get the string into the buffer 
if (FALSE == SetupDiGetDeviceRegistryProperty(Devs, DevInfo, Prop, &dataType, (LPBYTE)buffer, reqSize, &reqSize))
    return NULL;

szChars = reqSize/sizeof(TCHAR);
buffer[szChars] = TEXT('\0');

The analyzer complaints are:

1. 'buffer' is not initialized
2. 'buffer' is used, but may not have been initialized

Now, according to the SAL annotation of this function - you need to make sure it does not return false:

_Success_(return != FALSE)
_When_((*PropertyRegDataType == REG_SZ), _At_((PSTR) PropertyBuffer,   _Post_valid_))
_When_((*PropertyRegDataType == REG_MULTI_SZ), _At_((PZZSTR) PropertyBuffer, _Post_valid_))
WINSETUPAPI
BOOL
WINAPI
SetupDiGetDeviceRegistryPropertyA(
  _In_ HDEVINFO DeviceInfoSet,
  _In_ PSP_DEVINFO_DATA DeviceInfoData,
  _In_ DWORD Property,
  _Out_opt_ PDWORD PropertyRegDataType, 
  _Out_writes_bytes_to_opt_(PropertyBufferSize, *RequiredSize) PBYTE PropertyBuffer,
  _In_ DWORD PropertyBufferSize,
  _Out_opt_ PDWORD RequiredSize 
);

Maybe I miss the "When" thing?

Answer 1

I think you need to check that dataType is REG_SZ (or REG_MULTI_SZ if necessary).

The 'when' clauses are saying "if dataType is REG_SZ, then buffer will have been initialized" ... but the analyser doesn't know that it wasn't a REG_DWORD that was stored in reqSize (yes, I know that isn't where the function stores REG_DWORDs, but the analyser doesn't).