#69 Use of uninitialized memory (fix included)

Milestone: v1.0 (example)
Status: closed-fixed
Owner: nobody
Labels: None
Priority: 5
Updated: 2014-12-15
Created: 2014-01-14
Creator: Campbell Barton
Private: No

Notion uses uninitialized stack memory; attached is a fix for the bug, however I'm not totally sure that this function should be setting hints_ret->max_set.

Output from valgrind.

git version 376a72bbc9555344e3fec0f16603b47e4e0ddedd

==5469== Conditional jump or move depends on uninitialised value(s)
==5469== at 0x42DAE0: frame_size_hints (frame.c:483)
==5469== by 0x427E5A: region_size_hints (resize.c:653)
==5469== by 0x427EF2: region_size_hints_correct (resize.c:676)
==5469== by 0x43B9F4: sizepolicy_free_snap (sizepolicy.c:148)
==5469== by 0x43C059: sizepolicy (sizepolicy.c:310)
==5469== by 0x43EF93: group_do_attach_final (group.c:691)
==5469== by 0x42628E: doit_new (attach.c:38)
==5469== by 0x426674: region_attach_helper (attach.c:184)
==5469== by 0x43F1E5: group_do_attach (group.c:754)
==5469== by 0x7B18480: create_scratchws (main.c:95)
==5469== by 0x426267: doit_new (attach.c:33)
==5469== by 0x426674: region_attach_helper (attach.c:184)
==5469== by 0x432983: mplex_do_attach_pholder (mplex.c:1391)
==5469== by 0x4329D7: mplex_do_attach (mplex.c:1409)
==5469== by 0x432A33: mplex_do_attach_new (mplex.c:1426)
==5469== by 0x7B18512: create (main.c:119)
==5469== by 0x7B18689: mod_sp_create_scratchpad (main.c:169)
==5469== by 0x7B189A4: l2chnd_b_o__WScreen (exports.c:12)
==5469== by 0x45011E: extl_l1_call_handler2 (luaextl.c:1885)
==5469== by 0x538BD5C: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C0BC: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538B6BB: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C300: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538839C: lua_pcallk (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x450475: extl_l1_call_handler (luaextl.c:1973)
==5469== by 0x538BD5C: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x5397123: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C0C8: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x53882C7: lua_callk (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x44F974: call_loaded (luaextl.c:1636)
==5469== by 0x538BD5C: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C0BC: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538B6BB: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C300: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538839C: lua_pcallk (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x44F68B: extl_dodo_call_vararg (luaextl.c:1535)
==5469== by 0x44F7C9: extl_do_call_vararg (luaextl.c:1579)
==5469== by 0x44C8F1: extl_docpcall (luaextl.c:127)
==5469== by 0x538BD5C: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C0BC: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538B6BB: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538C300: ??? (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x538839C: lua_pcallk (in /usr/lib/liblua.so.5.2.3)
==5469== by 0x44C989: extl_cpcall (luaextl.c:148)
==5469== by 0x44F718: extl_cpcall_call (luaextl.c:1555)
==5469== by 0x44F861: extl_call_vararg (luaextl.c:1596)
==5469== by 0x44F90A: extl_call (luaextl.c:1606)
==5469== by 0x44C127: try_call (readconfig.c:272)
==5469== by 0x44BDD3: do_try (readconfig.c:164)
==5469== by 0x44BFB0: try_etcpath (readconfig.c:222)
==5469== Uninitialised value was created by a stack allocation
==5469== at 0x427EC9: region_size_hints_correct (resize.c:673)

1 Attachments

Discussion

  • Arnout Engelen
    2014-01-14

    (argh sf.net ate my comment)

    Thanks for the heads-up, indeed I haven't used valgrind in a while. I agree we should fix this, but I'm not sure this is the best way to do it. While it's nicely consistent with how min_* is handled, we could also just avoid reading max_width/max_height unless max_set. That might be closer to the current behavior, since on Linux most stack memory will be initially 0 (though of course we shouldn't assume that).

    Also, looking at this code, I wonder whether/how/where max_set is initialized for floating windows.

  • Arnout Engelen
    2014-03-18

    • status: open --> pending
  • Arnout Engelen
    2014-03-18

    Should be OK in latest git, right?

  • Arnout Engelen
    2014-04-01

    • status: pending --> closed-fixed