bug-gawk

Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value


From: Вьюкова Надежда
Subject: Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Date: Fri, 21 Jun 2019 12:09:00 +0300

Hi,
thank you very much!

GAWK user -
Nadezhda Vyukova

21.06.2019, 11:50, "address@hidden" <address@hidden>:
> Hi.
>
> Please send text-only email in the future, not HTML.
>
> Вьюкова Надежда <address@hidden> wrote:
>
>>  Hi!
>>  Sorry for failing to provide a comprehensible explanation of the problem.
>>
>>  I agree with your explanation of gawk's behavior in this
>>  example. And I agree that the visible behavior of gawk is OK here.
>>
>>  I meant that there might be a defect in gawk's source code.
>>
>>  Please, refer to the valgrind message:
>>
>>  ==6314== Conditional jump or move depends on uninitialised value(s)
>>  ==6314==    at 0x414446: yylex (awkgram.y:4477)
>>  ==6314==    by 0x414446: yyparse (awkgram.c:1833)
>>  ==6314==    by 0x417263: parse_program (awkgram.y:2776)
>>  ==6314==    by 0x406AFE: main (main.c:473)
>>
>>  (A similar message is produced with MemorySanitizer.)
>>
>>  Look at line 4477 in awkgram.y:
>>
>>       if (*lexptr == '(') {
>>
>>  If you run gawk under gdb (with the provided input files)
>>  and set a breakpoint at awkgram.y:4477, you can check that
>>  lexptr == lexend at this point. It means that lexptr
>>  points beyond the buffer of data read from A.awk.
>>
>>  Gawk works OK here because heap memory is normally
>>  zero-initialized on UNIX systems. But in general the buffers
>>  allocated from the heap need not be filled with zeros.
>>  So there is a risk that the comparison (*lexptr == '(')
>>  might hold and gawk execution might go the wrong way.
>>
>>  Best regards,
>>  Nadezhda Vyukova
>
> Thanks for the explanation. I was able to reproduce it. The fix
> is below.
>
> Arnold
> ------------------------------------------------
> diff --git a/awkgram.y b/awkgram.y
> index 3cbcfd31..a940ac9d 100644
> --- a/awkgram.y
> +++ b/awkgram.y
> @@ -3185,6 +3185,7 @@ get_src_buf()
>                  sourcefile->bufsize = l;
>                  newfile = true;
>                  emalloc(sourcefile->buf, char *, sourcefile->bufsize, 
> "get_src_buf");
> + memset(sourcefile->buf, '\0', sourcefile->bufsize); // keep valgrind happy
>                  lexptr = lexptr_begin = lexeme = sourcefile->buf;
>                  savelen = 0;
>                  sourceline = 1;
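Review bot: the comment on the added memset, "keep valgrind happy", misdescribes the fix. Per the report, yylex at awkgram.y:4477 evaluates `*lexptr == '('` with lexptr == lexend, so the byte just past the data read from the source file is dereferenced, and zeroing the buffer only turns that byte into a predictable NUL rather than removing the read. State that in the comment, and consider the more direct fix of guarding the dereference (`if (lexptr < lexend && *lexptr == '(')`) or writing a single NUL after the last byte read, instead of a memset over the whole sourcefile->bufsize, which runs for every new source buffer and scales with the file size. If emalloc has a calloc-backed sibling in this code base, that would also be shorter than emalloc followed by memset.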
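The off-by-one read described in the thread, as an added example that is not gawk's code: a toy lexer modelled on the pattern in the report. The source text sits in a heap buffer exactly as large as the data, with no terminating NUL, and the lexer scans a name and then peeks at the following byte to decide whether it is a function call. When the name ends exactly at lexend, the unfixed path reads the byte past the data; the hardened path checks lexptr < lexend first. The token names, the "foo" input and the stale '(' byte planted after the data are all constructed for the demonstration.

```c
/* Added example, not gawk's code. Demonstrates a lexer reading one byte past
 * the end of a heap buffer when lexptr == lexend, and the bounds check that
 * prevents it. Names and sample input are assumptions for this demo. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum tok { TOK_NAME, TOK_CALL };

/* Scan an identifier starting at buf and report whether '(' follows it.
 * bounds_check == 0 reproduces the original past-the-end read. */
static enum tok scan_name(const char *buf, size_t len, int bounds_check)
{
    const char *lexptr = buf;
    const char *lexend = buf + len;

    while (lexptr < lexend &&
           (isalnum((unsigned char)*lexptr) || *lexptr == '_'))
        lexptr++;

    /* Unfixed: dereferences *lexptr even when lexptr == lexend, so the
     * result depends on whatever byte happens to sit after the data. */
    if (!bounds_check)
        return (*lexptr == '(') ? TOK_CALL : TOK_NAME;

    /* Hardened: the byte past the data is never read. */
    if (lexptr < lexend && *lexptr == '(')
        return TOK_CALL;
    return TOK_NAME;
}

/* Simulate a dirty heap deterministically: allocate one byte more than the
 * data so the demo itself stays within its allocation, and fill that slack
 * with '(' as if a previous allocation had left it behind (constructed). */
static enum tok lex_trailing_name(int bounds_check)
{
    static const char src[] = "foo";   /* constructed input, no '(' follows */
    size_t len = sizeof(src) - 1;      /* 3 bytes; the NUL is not copied */
    char *buf = malloc(len + 1);
    if (buf == NULL)
        abort();
    buf[len] = '(';                    /* stale byte just past the data */
    memcpy(buf, src, len);
    enum tok t = scan_name(buf, len, bounds_check);
    free(buf);
    return t;
}

int main(void)
{
    printf("unfixed lexer on \"foo\": %s\n",
           lex_trailing_name(0) == TOK_CALL ? "TOK_CALL (wrong)" : "TOK_NAME");
    printf("hardened lexer on \"foo\": %s\n",
           lex_trailing_name(1) == TOK_CALL ? "TOK_CALL" : "TOK_NAME (right)");
    return 0;
}
```

The patch above takes a third route, zeroing the whole buffer so that the byte past the data is a NUL and the comparison is false; the bounds check removes the read altogether and does not depend on what the allocator left in the buffer.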


