General issue - cpp/uninitialized-local should provide at least 1 path that leaves variable uninitialized (preferably all if possible)

[ryao]

Description of the issue

It is very difficult to see how this could be uninitialized and the report looks like a false positive:

https://github.com/ryao/zfs/security/code-scanning/709

I am not yet decided on whether this is a false positive or not, but I am certain that it would be very helpful if CodeQL could provide a path that leaves the variable uninitialized. I have seen it provide possible paths in #11215, but that is for a different query.

[aibaars]

@ryao Thanks for your report. You're right that it is hard in this case to validate whether the variable is truly uninitialized or not. It would indeed be helpful for a query like this to provide additional help. We normally only add flow explanations for queries that perform dataflow and this case we'd need to report control flow paths. This can be done, however, our focus is mostly on security related analyses so it is unlikely that this query will be updated soon.

That said, I think your idea is good and I'll bring it to the attention of the team. You're not the only one running into this problem, we ran into the same issue ourselves when investigating an uninitialized variable report on the git/git codebase.