Re: [Tinycc-devel] Use of uninitialized automatic variable in TCC when p


From: Michael Matz
Subject: Re: [Tinycc-devel] Use of uninitialized automatic variable in TCC when parsing “int f ( int ( )”
Date: Tue, 12 Mar 2019 16:34:38 +0000 (UTC)
User-agent: Alpine 2.21 (LSU 202 2017-01-01)

Hello Pascal,

On Fri, 8 Mar 2019, Pascal Cuoq wrote:

> the simplest way to make this problem visible is to instrument the 
> functions type_decl and post_type:

Thanks for the report, fixed in mob.


Ciao,
Michael.

> 
> diff --git a/tccgen.c b/tccgen.c
> index 87ec798..7fa6c72 100644
> --- a/tccgen.c
> +++ b/tccgen.c
> @@ -4374,7 +4374,7 @@ static int post_type(CType *type, AttributeDef *ad, int 
> storage, int td)
>      Sym **plast, *s, *first;
>      AttributeDef ad1;
>      CType pt;
> -
> +    n = 0xf00f0011;
>      if (tok == '(') {
>          /* function type, or recursive declarator (return if so) */
>          next();
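Review bot: the sentinel store `n = 0xf00f0011;` replaces a blank line and is the only assignment to `n` before the parameter loop; if `n` is declared as `int` (the declaration sits above this hunk), the constant exceeds INT_MAX, so the store is an implementation-defined narrowing and will draw an overflow warning from some compilers. That is acceptable for a throwaway diagnostic, but it must not become the de facto initializer: the real fix is to give `n` a defined value (or reject the input) on the path where `type_decl` never writes it, rather than relying on a magic pattern.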
> @@ -4410,6 +4410,7 @@ static int post_type(CType *type, AttributeDef *ad, int 
> storage, int td)
>                  }
>                  convert_parameter_type(&pt);
>                  arg_size += (type_size(&pt, &align) + PTR_SIZE - 1) / 
> PTR_SIZE;
> +                if (n == 0xf00f0011) printf("using n uninitialized\n");
>                  s = sym_push(n | SYM_FIELD, &pt, 0, 0);
>                  *plast = s;
>                  plast = &s->next;
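Review bot: the check `if (n == 0xf00f0011) printf(...)` only catches the case where the sentinel survived unchanged, so it is a heuristic: an `n` legitimately assigned that exact value would also fire, and in the uninstrumented build the read on the next line (`sym_push(n | SYM_FIELD, ...)`) is an uninitialized-variable read whether or not this line prints. Since the message is for a debug build, send it through the compiler's own diagnostic path or at least to stderr instead of `printf` on stdout, so it cannot be mistaken for normal output; the `error: ',' expected` lines in the report show the parser already has such a channel.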
> @@ -4583,7 +4584,7 @@ static CType *type_decl(CType *type, AttributeDef *ad, 
> int *v, int td)
>             parse_attribute(ad);
>             post = type_decl(type, ad, v, td);
>             skip(')');
> -       }
> +       } else printf("*v left uninitialized\n");
>      } else if (tok >= TOK_IDENT && (td & TYPE_DIRECT)) {
>         /* type identifier */
>         *v = tok;
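Review bot: `} else printf("*v left uninitialized\n");` hangs an unbraced `else` off a block whose `if` lies outside the hunk, and on this path the function returns with `*v` untouched, which is exactly what leaves `n` unassigned in `post_type`. If, as the accompanying text suggests, this path should be an error, replace the `printf` with the parser's error routine so parsing stops before the caller consumes `*v` (the `')' expected (got "<eof>")` diagnostic in the report shows the existing mechanism), and brace the `else` to match the surrounding style.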
> 
> 
> The function post_type declares an automatic variable n and does not 
> initialize it. Setting it to 0xf00f0011 allows one to see that it has not been 
> assigned when it is used later in this function (ORed with SYM_FIELD and 
> passed as an argument to the function sym_push). When “using n uninitialized” is 
> printed in the instrumented version of TCC, it means that n would have been 
> used uninitialized in the uninstrumented version of the compiler.
> 
> $ cat cr.i
> int f ( int (  )
> $ ./tcc cr.i
> *v left uninitialized
> using n uninitialized
> cr.i:2: error: ',' expected (got "<eof>")
> 
> Some inputs cause “*v left uninitialized” to be printed but not “using n 
> uninitialized”:
> 
> $ cat cr.i
> int f(void) { ( int (  )
> $ ./tcc cr.i
> *v left uninitialized
> cr.i:2: error: ')' expected (got "<eof>")
> 
> I have not found any syntactically correct input that caused “*v left 
> uninitialized” to be printed but not “using n uninitialized”, so a solution 
> *might* be to make TCC error out at the point where I made it print out “*v 
> left uninitialized”, but this is for someone with better understanding of the 
> code than me to decide.
> 
> Pascal
> 
> 
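The sentinel-instrumentation technique from the report, reproduced on a toy declarator parser as an added example that is not part of this thread or of tcc's source. It mirrors the shape of `type_decl`/`post_type` (a `(` branch that may return without writing `*v`, and a caller whose automatic `n` is only assigned through that out-parameter) with two modes: mode 0 reproduces the reported behaviour with the `0xf00f0011` marker, mode 1 applies an assumed hardening (initialize `n` and reject an empty parenthesized declarator). The hardening is an assumption for illustration, not the change that landed in mob, and the grammar, token set and function names are all constructed.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Toy token kinds: 'int', identifiers, and the punctuators ( ) , */
enum { T_EOF = 0, T_INT = 256, T_IDENT = 257 };
#define SENTINEL ((int)0xf00f0011)   /* same marker value as in the report */

struct result { int error; int nparams; int uninit_uses; };

static const char *src;      /* remaining constructed input */
static int tok, tok_ident;   /* current token; identifier id (toy: first letter) */
static int hardened;         /* 0 = reported behaviour, 1 = assumed hardening */
static struct result res;

static void next_tok(void) {
    while (isspace((unsigned char)*src)) src++;
    if (!*src) { tok = T_EOF; return; }
    if (isalpha((unsigned char)*src)) {
        const char *start = src;
        while (isalnum((unsigned char)*src)) src++;
        if (src - start == 3 && !strncmp(start, "int", 3)) tok = T_INT;
        else { tok = T_IDENT; tok_ident = start[0]; }
        return;
    }
    tok = *src++;            /* single-character punctuator */
}

/* Record the first error only, like a compiler that stops at one diagnostic. */
static void fail(const char *msg) {
    if (!res.error) { res.error = 1; printf("error: %s\n", msg); }
}

static void post_type(void);

/* Parse a declarator into *v. As in the reported code, the '(' branch only
   stores into *v when an inner declarator actually names something.
   Returns 1 if *v was assigned, 0 if it was left untouched. */
static int type_decl(int *v) {
    int assigned = 0;
    if (tok == '(') {
        next_tok();
        if (tok == T_IDENT || tok == '(')
            assigned = type_decl(v);            /* recursive declarator */
        else if (hardened)
            fail("declarator expected after '('"); /* assumed hardening */
        if (tok == ')') next_tok(); else fail("')' expected");
    } else if (tok == T_IDENT) {
        *v = tok_ident; assigned = 1; next_tok();
    }
    post_type();                                /* optional parameter list */
    return assigned;
}

/* Parse '(' params ')'. `n` plays the role of the reported automatic
   variable: only type_decl writes it, and only on some paths. */
static void post_type(void) {
    if (tok != '(') return;
    next_tok();
    while (tok != ')' && !res.error) {
        int n = SENTINEL;                       /* instrumentation from the report */
        if (hardened) n = 0;                    /* assumed fix: anonymous parameter id 0 */
        if (tok != T_INT) { fail("'int' expected"); return; }
        next_tok();
        type_decl(&n);
        if (res.error) return;
        if (n == SENTINEL) { res.uninit_uses++; printf("using n uninitialized\n"); }
        res.nparams++;                          /* stands in for sym_push(n | SYM_FIELD, ...) */
        if (tok == ',') next_tok();
        else if (tok != ')') { fail("',' expected"); return; }
    }
    next_tok();                                 /* consume ')' */
}

/* Parse "int <declarator>" and report what happened. */
struct result parse_decl(const char *input, int harden) {
    int name = 0;
    memset(&res, 0, sizeof res);
    src = input; hardened = harden;
    next_tok();
    if (tok != T_INT) { fail("'int' expected"); return res; }
    next_tok();
    if (!type_decl(&name)) fail("declarator expected");
    if (!res.error && tok != T_EOF) fail("unexpected trailing input");
    return res;
}

int main(void) {
    const char *inputs[] = { "int f ( int (  )", "int f(int a, int b)", "int f(int (a))" };
    for (int m = 0; m < 2; m++)
        for (size_t i = 0; i < 3; i++) {
            struct result r = parse_decl(inputs[i], m);
            printf("%s | %-20s -> error=%d params=%d uninit=%d\n",
                   m ? "hardened" : "report  ", inputs[i], r.error, r.nparams, r.uninit_uses);
        }
    return 0;
}
```

In mode 0 the reported input `int f ( int (  )` reaches the stand-in for `sym_push` with `n` still equal to the marker before the `',' expected` error fires, which is the sequence the report shows; in mode 1 the empty parenthesized declarator is rejected first and `n` is never consumed unassigned. The sentinel remains a heuristic: it proves that a path exists on which `n` is unwritten, but a real assignment that happened to equal the marker would look the same, which is why the fix is a defined initial value or an earlier error, not a better magic number.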
