[Bug translator/27933] New: Use of unitialized functioncall synthetic field in

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

From: "mark at klomp dot org" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug translator/27933] New: Use of unitialized functioncall synthetic field in
Date: Mon, 31 May 2021 12:21:28 +0000	[thread overview]
Message-ID: <bug-27933-6586@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=27933

            Bug ID: 27933
           Summary: Use of unitialized functioncall synthetic field in
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: mark at klomp dot org
  Target Milestone: ---

Running the helloworld.stp example under valgrind gives:

 ==113473== Conditional jump or move depends on uninitialised value(s)
 ==113473==    at 0x1EE356:
functioncall_security_check::visit_embeddedcode(embeddedcode*)
(elaborate.cxx:3140)
 ==113473==    by 0x1EAC50: UnknownInlinedFun (elaborate.cxx:3110)
 ==113473==    by 0x1EAC50: symresolution_info::find_functions(functioncall*,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&, unsigned int, token const*) (elaborate.cxx:3268)
 ==113473==    by 0x1ED93B:
symresolution_info::visit_functioncall(functioncall*) (elaborate.cxx:2946)
 ==113473==    by 0x1E93BB: symresolution_info::visit_block(block*)
(elaborate.cxx:2610)
 ==113473==    by 0x1E93BB: symresolution_info::visit_block(block*)
(elaborate.cxx:2610)
 ==113473==    by 0x1E83E4: semantic_pass_symbols(systemtap_session&) [clone
.lto_priv.0] (elaborate.cxx:1977)
 ==113473==    by 0x19BCCE: UnknownInlinedFun (elaborate.cxx:2540)
 ==113473==    by 0x19BCCE: passes_0_4(systemtap_session&) (main.cxx:1049)
 ==113473==    by 0x18FB73: main (main.cxx:1534)
 ==113473==  Uninitialised value was created by a heap allocation
 ==113473==    at 0x4840FF5: operator new(unsigned long)
(vg_replace_malloc.c:417) 
 ==113473==    by 0x1C4E22: UnknownInlinedFun (parse.cxx:4044)
 ==113473==    by 0x1C4E22: parser::parse_value() (parse.cxx:3795)
 ==113473==    by 0x1C59E9: parser::parse_dwarf_value() (parse.cxx:3732)
 ==113473==    by 0x1C6C0D: UnknownInlinedFun (parse.cxx:3690)
 ==113473==    by 0x1C6C0D: parser::parse_unary() (parse.cxx:3664)
 ==113473==    by 0x1C6ECF: parser::parse_multiplicative() (parse.cxx:3625)
 ==113473==    by 0x1C7023: parser::parse_additive() (parse.cxx:3602)
 ==113473==    by 0x1BB25F: parser::parse_concatenation() (parse.cxx:3578)
 ==113473==    by 0x1BB39F: parser::parse_shift() (parse.cxx:3555)
 ==113473==    by 0x1BBCDB: UnknownInlinedFun (parse.cxx:3513)
 ==113473==    by 0x1BBCDB: parser::parse_array_in() (parse.cxx:3465)
 ==113473==    by 0x1BC2CF: parser::parse_boolean_and() (parse.cxx:3421)
 ==113473==    by 0x1BC40F: parser::parse_boolean_xor() (parse.cxx:3399)
 ==113473==    by 0x1BC54F: parser::parse_boolean_or() (parse.cxx:3377)

valgrind seems right, functioncall_security_check::visit_embeddedcode does:

  // Don't allow /* guru */ functions unless caller is privileged.
  if (!call->synthetic && !call->tok->location.file->privileged &&
      s->tagged_p ("/* guru */"))
    throw SEMANTIC_ERROR (_("function may not be used unless -g is specified"),
                          call->tok);

Checking the functioncall synthetic field.
But that seems never have been initialized at parse.cxx:4044 we see:

          struct functioncall* f = new functioncall;
          f->tok = t;
          f->function = name;

There are some code paths that set functioncall synthetic to true. Maybe the
default initialization should be false for this field?

-- 
You are receiving this mail because:
You are the assignee for the bug.

next             reply	other threads:[~2021-05-31 12:21 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-31 12:21 mark at klomp dot org [this message]
2021-05-31 12:22 ` [Bug translator/27933] " mcermak at redhat dot com
2021-06-02 14:07 ` ahajkova at redhat dot com
2021-06-02 14:19 ` ahajkova at redhat dot com
2021-06-02 17:02 ` fche at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-27933-6586@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=systemtap@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).