[Towhee-bugs] Use of uninitialized memory in towhee 7.0.4
From: Wesley E. <Wes...@oi...> - 2013-04-23 11:12:02
Background: I am a systems programmer helping a user run towhee on RHEL6.
Occasionally (20-30% of the time), towhee would get hung in an apparent
infinite loop during the twh_mimage() routine here:
do while ( twh_cmp_gt(rxuij, hbx) )
rxuij = rxuij - hmvalue
Running the code in a debugger showed me that rxuij was sometimes a really
large value (-3e100 or 3e100).
I eventually narrowed this down to the xcmi, ycmi, and zcmi variables being
used before they were initialized (these variables were allocated, but not
set to anything).
The following patch has made the problem disappear:
--- towhee-7.0.4/Source/globalinfo.c 2011-08-17 13:58:27.000000000 -0400
+++ towhee-7.0.4.modified/Source/globalinfo.c 2013-04-23 06:23:09.419902042
-0400
@@ -71,7 +71,14 @@
void *twh_allocateVector(size_t size, int M) {
void *x;
- if (!(x = malloc(size * M))) {
+
+
+ /*It appears that sometimes memory is used before being set.
+ twh_com(GLB_GET, ..., xcmi, ycmi, zcmi) in initconf.F appears
+ to be one such case. Towhee expects that memory will be zeroed before
use.
+ calloc() zeroes memory.
+ */
+ if (!(x = calloc(M,size))) {
fprintf(stderr, "Fatal memory allocation error\n");
exit(1);
}
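Review bot: the comment added in this hunk opens with "It appears that", but the report has already pinned the uninitialized reads to xcmi, ycmi and zcmi in initconf.F, so name that directly and fix the initialization at the point of use rather than (or at least in addition to) zero-filling every twh_allocateVector() call: switching to calloc() hides the read-before-write from uninitialized-value checkers such as Valgrind memcheck or MemorySanitizer, and the hang returns the moment these arrays are obtained by any other path (realloc, a different allocator, stack storage). The comment's third line also wraps so that "use." has no leading "+", which will make patch reject the hunk; keep each comment line whole. One genuine benefit of `calloc(M, size)` over `malloc(size * M)` is worth stating in the comment instead: modern calloc implementations (glibc, musl, the BSDs) check the M * size product for overflow, whereas the hand-written product silently wraps.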
@@ -111,8 +118,11 @@
exit(1);
}
+ /*Towhee expects that memory will be zeroed before use.
+ calloc() zeroes memory
+ */
for (i = 0; i < M; i++)
- if (!(x[i] = (void*) malloc(size * N))) {
+ if (!(x[i] = (void*) calloc(N,size))) {
fprintf(stderr, "Fatal memory allocation error\n");
exit(1);
}
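Review bot: the `(void*)` cast on the `calloc(N,size)` result is unnecessary in C and can mask a missing <stdlib.h> prototype; drop it. This hunk also repeats the comment from the previous one nearly verbatim; replace both with a single reference to the consumer that depends on zeroed memory (the twh_com(GLB_GET, ...) call in initconf.F), so a future reader knows which code path is being protected and can move the initialization there. As with the first hunk, zero-filling every matrix allocation is a blanket workaround for one specific uninitialized read, and it silences the very diagnostics that found this bug.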
This patch uses calloc to initialize memory to zero when it is first
allocated.
Wesley
--
Wesley Emeneker, Research Scientist
The Partnership for an Advanced Computing Environment
Georgia Institute of Technology
404.385.2303
Wes...@oi...
http://pace.gatech.edu
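Added example, not part of the post or of towhee: a C transcription of the do-while loop from the report, bounded so a runaway value is reported instead of hanging, beside a checked one-step reduction. It assumes hm is the box length and hbx its half, that the loop has a symmetric "< -hbx" branch, and an arbitrary MAX_BOXES sanity bound.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of one minimum-image reduction. */
typedef enum { MI_OK, MI_STUCK, MI_INVALID } mi_status;

/* True for ordinary doubles; false for NaN and +/-inf (no libm needed). */
static bool is_finite_d(double x) { return x == x && x - x == 0.0; }

/* The loop from the report: keep subtracting the box length hm until the
 * separation is within half a box (hbx).  The "< -hbx" branch is assumed.
 * max_iter bounds the loop so a runaway value is reported, not looped on. */
static mi_status mimage_naive(double *rxuij, double hbx, double hm, long max_iter) {
    long n = 0;
    while (*rxuij > hbx) {
        if (n++ >= max_iter) return MI_STUCK;
        *rxuij -= hm;  /* for |rxuij| ~ 3e100 this subtraction changes nothing */
    }
    while (*rxuij < -hbx) {
        if (n++ >= max_iter) return MI_STUCK;
        *rxuij += hm;
    }
    return MI_OK;  /* a NaN fails both comparisons and passes through silently */
}

/* Checked O(1) reduction: reject values no valid configuration can produce
 * (garbage from uninitialized memory included), then fold in one step.
 * MAX_BOXES is an assumed sanity bound in units of box lengths. */
#define MAX_BOXES 1000.0
static mi_status mimage_checked(double *rxuij, double hm) {
    double x = *rxuij;
    if (!is_finite_d(x) || !(hm > 0.0)) return MI_INVALID;
    double k = x / hm;                               /* separation in box lengths */
    if (k > MAX_BOXES || k < -MAX_BOXES) return MI_INVALID;
    long n = (long)(k + (k >= 0.0 ? 0.5 : -0.5));    /* round half away from zero */
    *rxuij = x - (double)n * hm;                     /* now within [-hm/2, hm/2] */
    return MI_OK;
}

int main(void) {
    double r = 3e100;
    mi_status s = mimage_naive(&r, 5.0, 10.0, 1000000);
    printf("naive   3e100: status %d, value still %g\n", s, r);
    r = 3e100;
    printf("checked 3e100: status %d\n", mimage_checked(&r, 10.0));
    return 0;
}
```

With a value like 3e100 the subtraction of hm is absorbed by rounding, so the original loop is truly infinite rather than merely slow; a NaN read from the same uninitialized memory would instead exit the loop unchanged and corrupt results silently.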