From: "mark at klomp dot org" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug translator/27933] New: Use of uninitialized functioncall synthetic field in
Date: Mon, 31 May 2021 12:21:28 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27933

            Bug ID: 27933
           Summary: Use of uninitialized functioncall synthetic field in
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: mark at klomp dot org
  Target Milestone: ---

Running the helloworld.stp example under valgrind gives:

==113473== Conditional jump or move depends on uninitialised value(s)
==113473==    at 0x1EE356: functioncall_security_check::visit_embeddedcode(embeddedcode*) (elaborate.cxx:3140)
==113473==    by 0x1EAC50: UnknownInlinedFun (elaborate.cxx:3110)
==113473==    by 0x1EAC50: symresolution_info::find_functions(functioncall*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned int, token const*) (elaborate.cxx:3268)
==113473==    by 0x1ED93B: symresolution_info::visit_functioncall(functioncall*) (elaborate.cxx:2946)
==113473==    by 0x1E93BB: symresolution_info::visit_block(block*) (elaborate.cxx:2610)
==113473==    by 0x1E93BB: symresolution_info::visit_block(block*) (elaborate.cxx:2610)
==113473==    by 0x1E83E4: semantic_pass_symbols(systemtap_session&) [clone .lto_priv.0] (elaborate.cxx:1977)
==113473==    by 0x19BCCE: UnknownInlinedFun (elaborate.cxx:2540)
==113473==    by 0x19BCCE: passes_0_4(systemtap_session&) (main.cxx:1049)
==113473==    by 0x18FB73: main (main.cxx:1534)
==113473==  Uninitialised value was created by a heap allocation
==113473==    at 0x4840FF5: operator new(unsigned long) (vg_replace_malloc.c:417)
==113473==    by 0x1C4E22: UnknownInlinedFun (parse.cxx:4044)
==113473==    by 0x1C4E22: parser::parse_value() (parse.cxx:3795)
==113473==    by 0x1C59E9: parser::parse_dwarf_value() (parse.cxx:3732)
==113473==    by 0x1C6C0D: UnknownInlinedFun (parse.cxx:3690)
==113473==    by 0x1C6C0D: parser::parse_unary() (parse.cxx:3664)
==113473==    by 0x1C6ECF: parser::parse_multiplicative() (parse.cxx:3625)
==113473==    by 0x1C7023: parser::parse_additive() (parse.cxx:3602)
==113473==    by 0x1BB25F: parser::parse_concatenation() (parse.cxx:3578)
==113473==    by 0x1BB39F: parser::parse_shift() (parse.cxx:3555)
==113473==    by 0x1BBCDB: UnknownInlinedFun (parse.cxx:3513)
==113473==    by 0x1BBCDB: parser::parse_array_in() (parse.cxx:3465)
==113473==    by 0x1BC2CF: parser::parse_boolean_and() (parse.cxx:3421)
==113473==    by 0x1BC40F: parser::parse_boolean_xor() (parse.cxx:3399)
==113473==    by 0x1BC54F: parser::parse_boolean_or() (parse.cxx:3377)

valgrind seems right, functioncall_security_check::visit_embeddedcode does:

      // Don't allow /* guru */ functions unless caller is privileged.
      if (!call->synthetic && !call->tok->location.file->privileged && s->tagged_p ("/* guru */"))
        throw SEMANTIC_ERROR (_("function may not be used unless -g is specified"), call->tok);

Checking the functioncall synthetic field. But that seems never to have been initialized; at parse.cxx:4044 we see:

      struct functioncall* f = new functioncall;
      f->tok = t;
      f->function = name;

There are some code paths that set functioncall synthetic to true. Maybe the default initialization should be false for this field?
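The defect pattern in the report, as an added C++ illustration that is not systemtap's own code: `source_file`, `token`, `guru_call_allowed` and `make_call` are simplified stand-ins for the structures and the check named above, `functioncall_buggy` shows the uninitialized shape, and the fixed `functioncall` uses the default-to-false initializer the report suggests.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-ins for the systemtap structures the guru check reads;
// only the fields that matter for this bug are modelled.
struct source_file { bool privileged = false; };   // set when the script ran with -g
struct token { source_file* file = nullptr; };

// Shape from the report: 'synthetic' has no initializer, so
//     new functioncall
// leaves it indeterminate and the guru check below becomes nondeterministic.
struct functioncall_buggy {
    const token* tok = nullptr;
    std::string function;
    bool synthetic;               // never initialized at construction
};

// Fixed shape: a default member initializer gives every allocation a
// definite value, as the report suggests (default to false).
struct functioncall {
    const token* tok = nullptr;
    std::string function;
    bool synthetic = false;
};

// Mirrors the guard in functioncall_security_check::visit_embeddedcode:
// a /* guru */ function is refused unless the call is synthetic or the
// calling file is privileged. Returns true when the call is allowed; the
// real translator throws SEMANTIC_ERROR instead of returning false.
bool guru_call_allowed(const functioncall& call, bool callee_is_guru) {
    if (!call.synthetic && !call.tok->file->privileged && callee_is_guru)
        return false;
    return true;
}

// Builds a call the way parse.cxx:4044 does (tok and function only), so the
// outcome of the check depends entirely on the initializer of 'synthetic'.
std::unique_ptr<functioncall> make_call(const token* t, const std::string& name) {
    auto f = std::make_unique<functioncall>();   // was: new functioncall
    f->tok = t;
    f->function = name;
    return f;
}
```

With the fixed struct an unprivileged call to a guru function is refused every time; with `functioncall_buggy` the same check reads indeterminate memory, which is exactly what valgrind flagged.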