You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Michael Hudson-Doyle (Jira)" <ji...@apache.org> on 2020/10/04 23:40:00 UTC
[jira] [Created] (ZOOKEEPER-3954) use of uninitialized data in
zookeeper-client/zookeeper-client-c/src/zookeeper.c:free_auth_completion
Michael Hudson-Doyle created ZOOKEEPER-3954:
-----------------------------------------------
Summary: use of uninitialized data in zookeeper-client/zookeeper-client-c/src/zookeeper.c:free_auth_completion
Key: ZOOKEEPER-3954
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3954
Project: ZooKeeper
Issue Type: Bug
Components: c client
Affects Versions: 3.6.2
Reporter: Michael Hudson-Doyle
When compiled with {{-O3}} and {{gcc-10}} (which is the default for Ubuntu on ppc64el), compilation fails like this:
{code:shell}
/bin/bash ./libtool -tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c -o zookeeper.lo `test -f 'src/zookeeper.c' || echo './'`src/zookeeper.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I./include -I./tests -I./generated -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -g -O3 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -MT zookeeper.lo -MD -MP -MF .deps/zookeeper.Tpo -c src/zookeeper.c -fPIC -DPIC -o .libs/zookeeper.o src/zookeeper.c: In function 'free_completions': src/zookeeper.c:284:9: error: 'a_list.next' may be used uninitialized in this function [-Werror=maybe-uninitialized] 284 | tmp = a_list>next; | ~~~^~~~~~~~~~~~~ cc1: all warnings being treated as errors{code}
What's happening here is that free_auth_completions is being inlined into free_completions, and this lets gcc see that members of a_list are being accessed without initialization. I don't know anything like enough about this code to see if this is a bug in code paths that are actually taken but at a glance it's certainly not obviously impossible: if the two if conditions at the top level of free_completions evaluate false, the function effectively looks like this:
{code:c}
void free_completions(zhandle_t *zh,int callCompletion,int reason)
{
auth_completion_list_t a_list;
free_auth_completion(&a_list);
}
{code}
so it's pretty clear that a_list is backed by uninitialized stack memory. Explicitly initializing the variable with "a_list = {NULL, NULL, NULL}" makes the warning go away.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)