Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value

bug-gawk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value

From:	arnold
Subject:	Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Date:	Fri, 21 Jun 2019 02:49:51 -0600
User-agent:	Heirloom mailx 12.5 7/5/10

Hi.

Please send text-only email in the future, not HTML.

Вьюкова Надежда <address@hidden> wrote:

> Hi!  
> Sorry for failing to provide a comprehensible explanation of the problem.  
>   
> I agree with your explanations of the gawk's behavior in this  
> example. And I agree that visible behavior of gawk is OK here.  
>   
> I meant that there might be a defect in the gawk's source code.  
>   
> Please, refer to the valgrind message:  
>   
> ==6314== Conditional jump or move depends on uninitialised value(s)  
> ==6314==    at 0x414446: yylex (awkgram.y:4477)  
> ==6314==    by 0x414446: yyparse (awkgram.c:1833)  
> ==6314==    by 0x417263: parse_program (awkgram.y:2776)  
> ==6314==    by 0x406AFE: main (main.c:473)
> 
> 
> (Similar message is produced with MemorySanitizer.)  
>   
> Look at line 4477 in awkgram.y:  
>   
>      if (*lexptr == '(') {  
>   
> If you run gawk under gdb (with the provided input files)  
> and set break at awkgram.y:4477, you can check that  
> lexptr == lexend at this point. It means that lexptr  
> points beyond the buffer of data read from A.awk.  
>   
> Gawk works OK here because the heap memory is normally
> 
> zero initialized in UNIX systems. But in general the buffers  
> allocated from heap need not be filled with zeros.  
> So there is a risk that the comparison (*lexptr == '(')  
> might hold and gawk execution might go the wrong way.  
>   
> Best regards,  
> Nadezhda Vyukova  

Thanks for the explanation. I was able to reproduce it. The fix
is below.

Arnold
------------------------------------------------
diff --git a/awkgram.y b/awkgram.y
index 3cbcfd31..a940ac9d 100644
--- a/awkgram.y
+++ b/awkgram.y
@@ -3185,6 +3185,7 @@ get_src_buf()
                sourcefile->bufsize = l;
                newfile = true;
                emalloc(sourcefile->buf, char *, sourcefile->bufsize, 
"get_src_buf");
+               memset(sourcefile->buf, '\0', sourcefile->bufsize);     // keep 
valgrind happy
                lexptr = lexptr_begin = lexeme = sourcefile->buf;
                savelen = 0;
                sourceline = 1;

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-gawk] gawk-5.0.0: use-of-uninitialized-value, Вьюкова Надежда, 2019/06/19
- Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, Andrew J. Schorr, 2019/06/19
- Message not available
  - Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, Вьюкова Надежда, 2019/06/20
    - Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, arnold <=
    - Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, Вьюкова Надежда, 2019/06/21
    - Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, Andrew J. Schorr, 2019/06/21
    - Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value, arnold, 2019/06/21

Prev by Date: Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Next by Date: Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Previous by thread: Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Next by thread: Re: [bug-gawk] gawk-5.0.0: use-of-uninitialized-value
Index(es):
- Date
- Thread