[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] uninitialized variable access
|
From: |
Grisha Levit |
|
Subject: |
[PATCH] uninitialized variable access |
|
Date: |
Sat, 17 Jun 2023 02:55:32 -0400 |
Some uninitialized variable access identified by clang's static analyzer.
(FWIW 90% of the reports were bogus but these seem legit)
* lib/readline/input.c
- rl_gather_tyi: the `result' variable is no longer initialized before
first access since commit d0bc56a32
* lib/readline/kill.c
- _rl_read_bracketed_paste_prefix: if there's no further input after the
initial \e of the bracketed paste prefix, an uninitialized value of `key'
can get used in the return value
* subst.c
- function_substitute: seems like the `tflag' assignment ended up in the
wrong place?
* builtins/read.def
- read_builtin: with `read -n0', the initialization of saw_escape is goto-d
over but that variable is later accessed
---
diff --git a/lib/readline/input.c b/lib/readline/input.c
index 229474ff..00605834 100644
--- a/lib/readline/input.c
+++ b/lib/readline/input.c
@@ -252,6 +252,7 @@ rl_gather_tyi (void)
chars_avail = 0;
input = 0;
tty = fileno (rl_instream);
+ result = -1;
/* Move this up here to give it first shot, but it can't set chars_avail
*/
/* XXX - need rl_chars_available_hook? */
diff --git a/lib/readline/kill.c b/lib/readline/kill.c
index 1dfe3c57..1f13e447 100644
--- a/lib/readline/kill.c
+++ b/lib/readline/kill.c
@@ -779,7 +779,7 @@ _rl_read_bracketed_paste_prefix (int c)
pbpref = BRACK_PASTE_PREF; /* XXX - debugging */
if (c != pbpref[0])
return (0);
- pbuf[ind = 0] = c;
+ pbuf[ind = 0] = key = c;
while (ind < BRACK_PASTE_SLEN-1 &&
(RL_ISSTATE (RL_STATE_INPUTPENDING|RL_STATE_MACROINPUT) == 0) &&
_rl_pushed_input_available () == 0 &&
diff --git a/subst.c b/subst.c
index 08d9285e..e69e0e5b 100644
--- a/subst.c
+++ b/subst.c
@@ -7021,7 +7021,6 @@ function_substitute (char *string, int quoted, int
flags)
/* We call anonclose as part of the outer nofork unwind-protects */
BLOCK_SIGNAL (SIGINT, set, oset);
lseek (afd, 0, SEEK_SET);
- tflag = 0;
istring = read_comsub (afd, quoted, flags, &tflag);
UNBLOCK_SIGNAL (oset);
}
@@ -7029,6 +7028,7 @@ function_substitute (char *string, int quoted, int
flags)
{
s = get_string_value ("REPLY");
istring = s ? comsub_quote_string (s, quoted, flags) : savestring
("");
+ tflag = 0;
}
run_unwind_frame ("nofork comsub"); /* restores stdout, job control
stuff */
diff --git a/builtins/read.def b/builtins/read.def
index cb4e1e59..80d1241d 100644
--- a/builtins/read.def
+++ b/builtins/read.def
@@ -403,6 +403,9 @@ read_builtin (WORD_LIST *list)
input_string = (char *)xmalloc (size = 112); /* XXX was 128 */
input_string[0] = '\0';
+ pass_next = 0; /* Non-zero signifies last char was backslash. */
+ saw_escape = 0; /* Non-zero signifies that we saw an escape char */
+
/* More input and options validation */
if (nflag == 1 && nchars == 0)
{
@@ -463,9 +466,6 @@ read_builtin (WORD_LIST *list)
add_unwind_protect (xfree, rlbuf);
#endif
- pass_next = 0; /* Non-zero signifies last char was backslash. */
- saw_escape = 0; /* Non-zero signifies that we saw an escape char */
-
if (tmsec > 0 || tmusec > 0)
{
/* Turn off the timeout if stdin is a regular file (e.g. from
- [PATCH] uninitialized variable access,
Grisha Levit <=