Subject: Re: Use of initialized variable in strtod.c
From: Craig Howland
Date: Wed, 15 Mar 2017 18:34:00 -0000
In-Reply-To: <788987e9-9b0d-4bfd-b40a-38c219bd8a17@oarcorp.com>

On 03/15/2017 02:16 PM, Joel Sherrill wrote:
> Hi
>
> I have looked at this one enough to believe it is
> a real issue but have no idea what the proper
> solution is. Maybe someone who is more familiar with
> this routine can help.
>
> This looks like it was introduced in 2006 by Jeff
> Johnston but I don't expect him to remember it. :)
>
> https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=commit;f=newlib/libc/stdlib/strtod.c;h=f489b5943c8f8655b0a3caddd38114111576ab35
>
> 2006-06-22  Jeff Johnston
>
>     * libc/stdlib/Makefile.am: Add new gdtoa routines.
>     * libc/stdlib/Makefile.in: Regenerated.
>     * libc/stdlib/gd_qnan.h: New file.
>     * libc/stdlib/gdtoa-gethex.c: Ditto.
>     * libc/stdlib/gdtoa-hexnan.c: Ditto.
>     * libc/stdlib/gdtoa.h: Ditto.
>     * libc/stdlib/mprec.c: Add new helper routines needed by
>     the new gdtoa code.
>     * libc/stdlib/mprec.h: Integrate some defines and prototypes
>     used by gdtoa routines here.
>     * libc/stdlib/strtod.c: Rebased on David M. Gay's gdtoa-strtod.c
>     which adds C99 support such as nan, inf, and hexadecimal input
>     format.
>
> Basically if (bb) is false, then bits is not set
> and it is used as input to ULtod.
>
> 334          if (bb) {
> 335                copybits(bits, fpi.nbits, bb);
> 336                Bfree(ptr,bb);
> 337          }
>
> CID 175379 (#1 of 1): Uninitialized scalar variable (UNINIT)
> 10. uninit_use_in_call: Using uninitialized element of array bits when calling
> ULtod.
> 338          ULtod(rv.i, bits, exp, i);
>
> Hopefully someone has some insight on how to fix this.
>
> Thanks.
>

I took a quick look, and I think (it's been ages since I had to do some editing
in strtod.c) it is OK. Specifically, it does appear that bb is only ever
returned as 0 in a case when ULtod does not need the value of bits. So while
Coverity is right that it could be a problem, it is not really.

Craig
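
The pattern discussed in this thread, as an added example that is not part of the original message and is not newlib's strtod.c: a buffer that is filled only when the producer returns a non-NULL pointer, then passed to a consumer that reads it only for some result kinds. All names (produce, consume, convert_as_written, convert_hardened, enum kind) are hypothetical; the second form shows a defensive zero-initialization that removes the dependence on the cross-function invariant.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed miniature of the pattern in this thread; all names are
   hypothetical and this is not newlib's strtod.c. */
enum kind { KIND_ZERO, KIND_NORMAL };

/* Producer: returns the result kind; *bb is NULL when the kind carries no
   mantissa words (the "bb is 0" case). */
static enum kind produce(uint32_t mant, uint32_t store[2], uint32_t **bb)
{
    if (mant == 0) { *bb = NULL; return KIND_ZERO; }
    store[0] = mant; store[1] = 0;
    *bb = store;
    return KIND_NORMAL;
}

/* Consumer: reads bits[] only for kinds that carry a mantissa. */
static void consume(uint32_t out[2], uint32_t *bits, enum kind k)
{
    if (k == KIND_NORMAL) { out[0] = bits[0]; out[1] = bits[1]; }
    else                  { out[0] = out[1] = 0; }  /* bits[] not read */
}

/* Shape flagged by the analyzer: correct only while "NULL implies
   KIND_ZERO" holds across the two functions. */
void convert_as_written(uint32_t mant, uint32_t out[2])
{
    uint32_t store[2], bits[2], *bb;      /* bits[] starts undefined */
    enum kind k = produce(mant, store, &bb);
    if (bb) memcpy(bits, bb, sizeof bits);
    consume(out, bits, k);
}

/* Defensive form: bits[] is defined on every path, so breaking the
   invariant later yields zeros rather than stack contents. */
void convert_hardened(uint32_t mant, uint32_t out[2])
{
    uint32_t store[2], bits[2] = {0, 0}, *bb;
    enum kind k = produce(mant, store, &bb);
    if (bb) memcpy(bits, bb, sizeof bits);
    consume(out, bits, k);
}

int main(void)
{
    uint32_t a[2], b[2];
    convert_as_written(7, a); convert_hardened(0, b);
    printf("%u %u | %u %u\n", (unsigned)a[0], (unsigned)a[1],
           (unsigned)b[0], (unsigned)b[1]);
    return 0;
}
```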