stdcxx-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Travis Vitek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STDCXX-597) purify reports uninitialized memory read in _rw_get_char
Date Fri, 29 Feb 2008 19:08:51 GMT

    [ https://issues.apache.org/jira/browse/STDCXX-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573905#action_12573905
] 

Travis Vitek commented on STDCXX-597:
-------------------------------------

The test_access() function in 21.string.access.cpp uses rw_match() to verify that two empty
strings are equal. It does so with a line that looks something like this...

        const bool success = 1 == rw_match (exp_res, pres, 1);

Here is a simplified testcase that shows the UMR when misusing rw_match().

{noformat}
#include <rw_char.h> // for rw_match()
#include <stdlib.h>     // for malloc()

int main ()
{
    char* s = (char*)malloc (10);
    *s = '\0';

    const char u [2] = {
        '\0', '\0'
    };

    rw_match (u, s, 1);

    free (s)

    return 0;
}
{noformat}

The problem is that the string `s' only has 1 byte of initialized data, and that one byte
is the terminator for the string. The rw_match() function expects that the provided `len'
is the number of characters before the null terminator. So this seems like a bug in test_access(),
not in _rw_get_char.



> purify reports uninitialized memory read in _rw_get_char 
> ---------------------------------------------------------
>
>                 Key: STDCXX-597
>                 URL: https://issues.apache.org/jira/browse/STDCXX-597
>             Project: C++ Standard Library
>          Issue Type: Improvement
>          Components: Test Driver
>    Affects Versions: 4.2.0
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Minor
>             Fix For: 4.2.1
>
>         Attachments: stdcxx-597.patch
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> {noformat}
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, std::char_traits<char>, std::allocator<char> >(char,
std::char_traits<char>*, char*, StringFunc const&, StringTestCase const&) [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc
const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x8182256 in the heap.
>   * Address 0x8182256 is 14 bytes into a malloc'd block at 0x8182248 of 46 bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::string<char, std::char_traits<char>, std::allocator<char>>::_C_get_rep(unsigned,
unsigned) [string.cc:102]
>     std::string<char, std::char_traits<char>, std::allocator<char>>::string<char,
std::char_traits<char>, std::allocator<char>>[not-in-charge](char const*, unsigned,
std::allocator<char> const&) [string.cc:180]
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, UserTraits<char>, std::allocator<char> >(char,
UserTraits<char>*, char*, StringFunc const&, StringTestCase const&) [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc
const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x818d5a6 in the heap.
>   * Address 0x818d5a6 is 14 bytes into a malloc'd block at 0x818d598 of 46 bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::basic_string<char, std::char_traits<char>, std::allocator<char>><char,
UserTraits<char>, std::allocator<char> >::_C_get_rep(unsigned, unsigned) [string.cc:102]
>     std::basic_string<char, std::char_traits<char>, std::allocator<char>><char,
UserTraits<char>, std::allocator<char> >::basic_string<char, std::char_traits<char>,
std::allocator<char>>[not-in-charge](char const*, unsigned, std::allocator<char>
const&) [string.cc:180] 
> {noformat}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message