From: "mark at klomp dot org" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug translator/27933] New: Use of uninitialized functioncall synthetic field in
Date: Mon, 31 May 2021 12:21:28 +0000 [thread overview]
Message-ID: <bug-27933-6586@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=27933
Bug ID: 27933
Summary: Use of uninitialized functioncall synthetic field in
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
Assignee: systemtap at sourceware dot org
Reporter: mark at klomp dot org
Target Milestone: ---
Running the helloworld.stp example under valgrind gives:
==113473== Conditional jump or move depends on uninitialised value(s)
==113473== at 0x1EE356:
functioncall_security_check::visit_embeddedcode(embeddedcode*)
(elaborate.cxx:3140)
==113473== by 0x1EAC50: UnknownInlinedFun (elaborate.cxx:3110)
==113473== by 0x1EAC50: symresolution_info::find_functions(functioncall*,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&, unsigned int, token const*) (elaborate.cxx:3268)
==113473== by 0x1ED93B:
symresolution_info::visit_functioncall(functioncall*) (elaborate.cxx:2946)
==113473== by 0x1E93BB: symresolution_info::visit_block(block*)
(elaborate.cxx:2610)
==113473== by 0x1E93BB: symresolution_info::visit_block(block*)
(elaborate.cxx:2610)
==113473== by 0x1E83E4: semantic_pass_symbols(systemtap_session&) [clone
.lto_priv.0] (elaborate.cxx:1977)
==113473== by 0x19BCCE: UnknownInlinedFun (elaborate.cxx:2540)
==113473== by 0x19BCCE: passes_0_4(systemtap_session&) (main.cxx:1049)
==113473== by 0x18FB73: main (main.cxx:1534)
==113473== Uninitialised value was created by a heap allocation
==113473== at 0x4840FF5: operator new(unsigned long)
(vg_replace_malloc.c:417)
==113473== by 0x1C4E22: UnknownInlinedFun (parse.cxx:4044)
==113473== by 0x1C4E22: parser::parse_value() (parse.cxx:3795)
==113473== by 0x1C59E9: parser::parse_dwarf_value() (parse.cxx:3732)
==113473== by 0x1C6C0D: UnknownInlinedFun (parse.cxx:3690)
==113473== by 0x1C6C0D: parser::parse_unary() (parse.cxx:3664)
==113473== by 0x1C6ECF: parser::parse_multiplicative() (parse.cxx:3625)
==113473== by 0x1C7023: parser::parse_additive() (parse.cxx:3602)
==113473== by 0x1BB25F: parser::parse_concatenation() (parse.cxx:3578)
==113473== by 0x1BB39F: parser::parse_shift() (parse.cxx:3555)
==113473== by 0x1BBCDB: UnknownInlinedFun (parse.cxx:3513)
==113473== by 0x1BBCDB: parser::parse_array_in() (parse.cxx:3465)
==113473== by 0x1BC2CF: parser::parse_boolean_and() (parse.cxx:3421)
==113473== by 0x1BC40F: parser::parse_boolean_xor() (parse.cxx:3399)
==113473== by 0x1BC54F: parser::parse_boolean_or() (parse.cxx:3377)
Valgrind seems right; functioncall_security_check::visit_embeddedcode does:

  // Don't allow /* guru */ functions unless caller is privileged.
  if (!call->synthetic && !call->tok->location.file->privileged &&
      s->tagged_p ("/* guru */"))
    throw SEMANTIC_ERROR (_("function may not be used unless -g is specified"),
                          call->tok);
This checks the functioncall synthetic field. But that seems to never have been initialized; at parse.cxx:4044 we see:

  struct functioncall* f = new functioncall;
  f->tok = t;
  f->function = name;
There are some code paths that set functioncall synthetic to true. Maybe the
default initialization should be false for this field?
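As an added illustration (not systemtap's code, and not part of the report above), the following cut-down model shows the pattern the report describes and the fix it suggests. The types `source_file`, `token`, `buggy_functioncall` and `fixed_functioncall` and the helper `guru_call_rejected` are hypothetical stand-ins for the translator's real structures; `callee_is_guru` stands in for `s->tagged_p("/* guru */")`. The point it demonstrates is that a privilege check which reads an indeterminate flag is not a reliable check at all, and that a default member initializer makes every construction path start from `synthetic == false`.

```cpp
#include <cassert>
#include <memory>
#include <string>

// Hypothetical cut-down model (not systemtap's own types) of the shape the
// report describes: a call node whose `synthetic` flag is consulted by a
// privilege check.
struct source_file { bool privileged = false; };
struct token { const source_file* file = nullptr; };

// Shape as reported: `synthetic` has no initializer, so `new buggy_functioncall`
// (default-initialization) leaves it indeterminate. Reading it is undefined
// behaviour, which is what valgrind's "conditional jump ... depends on
// uninitialised value" points at. Kept here only for contrast; never read.
struct buggy_functioncall {
    const token* tok = nullptr;
    std::string function;
    bool synthetic;  // indeterminate after `new buggy_functioncall`
};

// The fix the report suggests: a default member initializer, so every
// construction path starts with synthetic == false regardless of whether the
// caller remembers to set it.
struct fixed_functioncall {
    const token* tok = nullptr;
    std::string function;
    bool synthetic = false;
};

// Models the guru check in functioncall_security_check::visit_embeddedcode:
// true means the call must be rejected. `callee_is_guru` stands in for
// s->tagged_p("/* guru */").
bool guru_call_rejected(const fixed_functioncall& call, bool callee_is_guru)
{
    return !call.synthetic && !call.tok->file->privileged && callee_is_guru;
}

// Mirrors the construction path quoted from parse.cxx, on the fixed struct.
std::unique_ptr<fixed_functioncall>
make_call(const token* t, const std::string& name)
{
    std::unique_ptr<fixed_functioncall> f(new fixed_functioncall);
    f->tok = t;
    f->function = name;
    return f;
}

// A freshly parsed call is never synthetic.
bool parsed_call_starts_non_synthetic()
{
    source_file unpriv;
    token tok;
    tok.file = &unpriv;
    auto f = make_call(&tok, "helloworld");
    return f->synthetic == false;
}

// Unprivileged script calling a /* guru */ function: rejected.
bool unprivileged_guru_call_rejected()
{
    source_file unpriv;
    token tok;
    tok.file = &unpriv;
    auto f = make_call(&tok, "guru_fn");
    return guru_call_rejected(*f, true);
}

// Privileged (-g) script calling the same function: allowed.
bool privileged_guru_call_allowed()
{
    source_file priv;
    priv.privileged = true;
    token tok;
    tok.file = &priv;
    auto f = make_call(&tok, "guru_fn");
    return !guru_call_rejected(*f, true);
}

// Translator-generated (synthetic) call: exempt from the check.
bool synthetic_guru_call_allowed()
{
    source_file unpriv;
    token tok;
    tok.file = &unpriv;
    auto f = make_call(&tok, "guru_fn");
    f->synthetic = true;
    return !guru_call_rejected(*f, true);
}

int main()
{
    assert(parsed_call_starts_non_synthetic());
    assert(unprivileged_guru_call_rejected());
    assert(privileged_guru_call_allowed());
    assert(synthetic_guru_call_allowed());
    return 0;
}
```

Writing `new fixed_functioncall()` (value-initialization) would also zero the flag for a class with no user-provided constructor, but the default member initializer is the more robust choice because it covers stack, `new`, and aggregate construction alike, and it keeps the check's outcome independent of which parser path built the node.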