You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Michael Hudson-Doyle (Jira)" <ji...@apache.org> on 2020/10/04 23:42:00 UTC
[jira] [Updated] (ZOOKEEPER-3954) use of uninitialized data in
zookeeper-client/zookeeper-client-c/src/zookeeper.c:free_auth_completion
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3954?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Hudson-Doyle updated ZOOKEEPER-3954:
--------------------------------------------
Description:
When compiled with {{-O3}} and {{gcc-10}} (which is the default for Ubuntu on ppc64el), compilation fails like this:
{code}
/bin/bash ./libtool -tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c -o zookeeper.lo `test -f 'src/zookeeper.c' || echo './'`src/zookeeper.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c src/zookeeper.c -fPIC -DPIC -o .libs/zookeeper.o
src/zookeeper.c: In function 'free_completions':
src/zookeeper.c:284:9: error: 'a_list.next' may be used uninitialized in this function [-Werror=maybe-uninitialized]
284 | tmp = a_list>next;
| ~~~^~~~~~~~~~~~~
cc1: all warnings being treated as errors
{code}
What's happening here is that free_auth_completions is being inlined into free_completions, and this lets gcc see that members of a_list are being accessed without initialization. I don't know anything like enough about this code to see if this is a bug in code paths that are actually taken but at a glance it's certainly not obviously impossible: if the two if conditions at the top level of free_completions evaluate false, the function effectively looks like this:
{code:c}
void free_completions(zhandle_t *zh,int callCompletion,int reason)
{
auth_completion_list_t a_list;
free_auth_completion(&a_list);
}
{code}
so it's pretty clear that a_list is backed by uninitialized stack memory. Explicitly initializing the variable with "{{a_list = \{NULL, NULL, NULL}}}" makes the warning go away.
was:
When compiled with {{-O3}} and {{gcc-10}} (which is the default for Ubuntu on ppc64el), compilation fails like this:
{code:shell}
/bin/bash ./libtool -tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c -o zookeeper.lo `test -f 'src/zookeeper.c' || echo './'`src/zookeeper.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c src/zookeeper.c -fPIC -DPIC -o .libs/zookeeper.o src/zookeeper.c: In function 'free_completions': src/zookeeper.c:284:9: error: 'a_list.next' may be used uninitialized in this function [-Werror=maybe-uninitialized] 284 | tmp = a_list>next; | ~~~^~~~~~~~~~~~~ cc1: all warnings being treated as errors{code}
What's happening here is that free_auth_completions is being inlined into free_completions, and this lets gcc see that members of a_list are being accessed without initialization. I don't know anything like enough about this code to see if this is a bug in code paths that are actually taken but at a glance it's certainly not obviously impossible: if the two if conditions at the top level of free_completions evaluate false, the function effectively looks like this:
{code:c}
void free_completions(zhandle_t *zh,int callCompletion,int reason)
{
auth_completion_list_t a_list;
free_auth_completion(&a_list);
}
{code}
so it's pretty clear that a_list is backed by uninitialized stack memory. Explicitly initializing the variable with "a_list = {NULL, NULL, NULL}" makes the warning go away.
> use of uninitialized data in zookeeper-client/zookeeper-client-c/src/zookeeper.c:free_auth_completion
> -----------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3954
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3954
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Affects Versions: 3.6.2
> Reporter: Michael Hudson-Doyle
> Priority: Minor
>
> When compiled with {{-O3}} and {{gcc-10}} (which is the default for Ubuntu on ppc64el), compilation fails like this:
> {code}
> /bin/bash ./libtool -tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c -o zookeeper.lo `test -f 'src/zookeeper.c' || echo './'`src/zookeeper.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c src/zookeeper.c -fPIC -DPIC -o .libs/zookeeper.o
> src/zookeeper.c: In function 'free_completions':
> src/zookeeper.c:284:9: error: 'a_list.next' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> 284 | tmp = a_list>next;
> | ~~~^~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> {code}
> What's happening here is that free_auth_completions is being inlined into free_completions, and this lets gcc see that members of a_list are being accessed without initialization. I don't know anything like enough about this code to see if this is a bug in code paths that are actually taken but at a glance it's certainly not obviously impossible: if the two if conditions at the top level of free_completions evaluate false, the function effectively looks like this:
>
> {code:c}
> void free_completions(zhandle_t *zh,int callCompletion,int reason)
> {
> auth_completion_list_t a_list;
> free_auth_completion(&a_list);
> }
> {code}
> so it's pretty clear that a_list is backed by uninitialized stack memory. Explicitly initializing the variable with "{{a_list = \{NULL, NULL, NULL}}}" makes the warning go away.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)