From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 112764 invoked by alias); 15 Mar 2017 18:38:13 -0000 Mailing-List: contact newlib-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: newlib-owner@sourceware.org Received: (qmail 112750 invoked by uid 89); 15 Mar 2017 18:38:12 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=no version=3.3.2 spammy=H*r:ip*192.168.2.2, cid, Howland, H*i:sk:f573307 X-HELO: OARmail.OARCORP.com Received: from oarmail.oarcorp.com (HELO OARmail.OARCORP.com) (67.63.146.244) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 15 Mar 2017 18:38:11 +0000 Received: from [192.168.1.175] (192.168.1.175) by OARmail.OARCORP.com (192.168.2.2) with Microsoft SMTP Server (TLS) id 8.3.389.2; Wed, 15 Mar 2017 13:38:10 -0500 Subject: Re: Use of initialized variable in strtod.c To: Craig Howland , "newlib@sourceware.org" References: <788987e9-9b0d-4bfd-b40a-38c219bd8a17@oarcorp.com> From: Joel Sherrill Message-ID: <47ea65c0-130a-e138-3c7c-0c1a636d87fd@oarcorp.com> Date: Wed, 15 Mar 2017 18:38:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit X-SW-Source: 2017/txt/msg00177.txt.bz2 On 3/15/2017 1:34 PM, Craig Howland wrote: > On 03/15/2017 02:16 PM, Joel Sherrill wrote: >> Hi >> >> I have looked at this one enough to believe it is >> a real issue but have no idea what the proper >> solution is. Maybe someone is more familiar with >> this routine can help. >> >> This looks like it was introduced in 2006 by Jeff >> Johnston but I don't expect him to remember it. :) >> >> https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=commit;f=newlib/libc/stdlib/strtod.c;h=f489b5943c8f8655b0a3caddd38114111576ab35 >> >> >> 2006-06-22 Jeff Johnston >> >> * libc/stdlib/Makefile.am: Add new gdtoa routines. >> * libc/stdlib/Makefile.in: Regenerated. >> * libc/stdlib/gd_qnan.h: New file. >> * libc/stdlib/gdtoa-gethex.c: Ditto. >> * libc/stdlib/gdtoa-hexnan.c: Ditto. >> * libc/stdlib/gdtoa.h: Ditto. >> * libc/stdlib/mprec.c: Add new helper routines needed by >> the new gdtoa code. >> * libc/stdlib/mprec.h: Integrate some defines and prototypes >> used by gdtoa routines here. >> * libc/stdlib/strtod.c: Rebased on David M. Gay's gdtoa-strtod.c >> which adds C99 support such as nan, inf, and hexadecimal input >> format. >> >> Basically if (bb) is false, then bits is not set >> and it is used as input to ULtod. >> >> 334 if (bb) { >> 335 copybits(bits, fpi.nbits, bb); >> 336 Bfree(ptr,bb); >> 337 } >> >> CID 175379 (#1 of 1): Uninitialized scalar variable (UNINIT) >> 10. uninit_use_in_call: Using uninitialized element of array bits when calling >> ULtod. [show details] >> 338 ULtod(rv.i, bits, exp, i); >> >> Hopefully someone has some insight on how to fix this. >> >> Thanks. >> > I took a quick look, and I think (it's been ages since I had to do some editing > in strtod.c) it is OK. Specifically, it does appear that bb is only ever > returned as 0 in a case when ULtod does not need the value of bits. So while > Coverity it right that it could be a problem, it is not really. Would it be better to initialize bb to 0? Or assign it on the else to "if (bb)". If that's correct, it would make the intent clearer and eliminate the use of an uninitialized variable. FWIW I am a firm believer in not marking issues as false positive. In this case, there really is a use of an uninitialized variable. So we might as well address that. --joel > Craig >