stdcxx-issues mailing list archives

From "Travis Vitek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STDCXX-597) purify reports uninitialized memory read in _rw_get_char
Date Fri, 29 Feb 2008 22:05:52 GMT

    [ https://issues.apache.org/jira/browse/STDCXX-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573981#action_12573981 ]

Travis Vitek commented on STDCXX-597:
-------------------------------------

Inside _rw_get_char(), *count is not the length of the src string as I had originally expected.
It is essentially the number of character 'tokens' that we expect the src string to have.
Unfortunately, this is not enough information. We need to know the length of the src buffer
so that we can avoid reading past the end of the string. The above testcase shows the problem,
but you need to debug into rw_match() to see it.

This is a problem that could cause unexpected test failures. If _rw_get_char() is given a
pointer to the null terminator at the end of a string, and the characters following that null
terminator just happen to be '@N' where N is some positive integer value, we will get unexpected
results because _rw_get_char() will think that it was given the input string "\0@N", when
in all reality it was just given an empty string. The bottom line is that if your function
is supposed to handle embedded nulls, you need to allow the user to provide a length for each
buffer that is passed in.

> purify reports uninitialized memory read in _rw_get_char 
> ---------------------------------------------------------
>
>                 Key: STDCXX-597
>                 URL: https://issues.apache.org/jira/browse/STDCXX-597
>             Project: C++ Standard Library
>          Issue Type: Improvement
>          Components: Test Driver
>    Affects Versions: 4.2.0
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Minor
>             Fix For: 4.2.1
>
>   Original Estimate: 2h
>          Time Spent: 4h
>  Remaining Estimate: 0h
>
> {noformat}
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, std::char_traits<char>, std::allocator<char> >(char, std::char_traits<char>*, char*, StringFunc const&, StringTestCase const&) [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x8182256 in the heap.
>   * Address 0x8182256 is 14 bytes into a malloc'd block at 0x8182248 of 46 bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::string<char, std::char_traits<char>, std::allocator<char>>::_C_get_rep(unsigned, unsigned) [string.cc:102]
>     std::string<char, std::char_traits<char>, std::allocator<char>>::string<char, std::char_traits<char>, std::allocator<char>>[not-in-charge](char const*, unsigned, std::allocator<char> const&) [string.cc:180]
> ****  Purify instrumented ./21.string.access (pid 2878)  ****
> UMR: Uninitialized memory read:
>   * This is occurring while in thread 2878:
>     _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
>     rw_match(char const*, char const*, unsigned) [char.cpp:816]
>      test_access<char, UserTraits<char>, std::allocator<char> >(char, UserTraits<char>*, char*, StringFunc const&, StringTestCase const&) [21.string.access.cpp:274]
>     test_access(StringFunc const&, StringTestCase const&) [21.string.access.cpp:317]
>     _rw_test_case(StringFunc const&, StringTestCase const&,   (*)(StringFunc const&, StringTestCase const&)) [21.strings.cpp:1298]
>     _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
>   * Reading 1 byte from 0x818d5a6 in the heap.
>   * Address 0x818d5a6 is 14 bytes into a malloc'd block at 0x818d598 of 46 bytes.
>   * This block was allocated from thread -1207973632:
>     malloc         [rtlib.o]
>     operator new(unsigned) [libstd15d.so]
>     __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
>     std::allocator<char>::allocate(unsigned,  const*) [_allocator.h:144]
>     std::basic_string<char, std::char_traits<char>, std::allocator<char>><char, UserTraits<char>, std::allocator<char> >::_C_get_rep(unsigned, unsigned) [string.cc:102]
>     std::basic_string<char, std::char_traits<char>, std::allocator<char>><char, UserTraits<char>, std::allocator<char> >::basic_string<char, std::char_traits<char>, std::allocator<char>>[not-in-charge](char const*, unsigned, std::allocator<char> const&) [string.cc:180]
> {noformat}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
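
The failure mode described in the comment above, as an added example that is not part of the original message or the stdcxx sources: a reader handed a pointer to a terminator picks up stale `@N` bytes behind it, while a reader given the buffer end does not. The names `Token`, `get_token_unbounded`, `get_token_bounded`, the reading of `c@N` as a repeat count, and both sample buffers are assumptions constructed for illustration.

```cpp
#include <cstdio>

// Hypothetical token: one character and a repeat count ("a@3" means 'a' x 3).
struct Token { bool ok; char ch; unsigned long repeat; const char* next; };

static bool is_digit(char c) { return c >= '0' && c <= '9'; }

// Length-unaware reader: always looks at the bytes after src[0], even when
// src[0] is the terminator and those bytes are not part of the string.
Token get_token_unbounded(const char* src) {
    Token t = { true, src[0], 1, src + 1 };
    if (src[1] == '@' && is_digit(src[2])) {
        const char* p = src + 2;
        for (t.repeat = 0; is_digit(*p); ++p)
            t.repeat = t.repeat * 10 + (unsigned long)(*p - '0');
        t.next = p;
    }
    return t;
}

// Length-aware reader: the caller passes the end of the buffer, so an empty
// range yields no token and an embedded NUL is just another character.
Token get_token_bounded(const char* src, const char* end) {
    Token t = { false, '\0', 0, src };
    if (src >= end) return t;
    t.ok = true; t.ch = *src; t.repeat = 1; t.next = src + 1;
    const char* p = src + 1;
    if (end - p >= 2 && p[0] == '@' && is_digit(p[1])) {
        for (t.repeat = 0, ++p; p < end && is_digit(*p); ++p)
            t.repeat = t.repeat * 10 + (unsigned long)(*p - '0');
        t.next = p;
    }
    return t;
}

// Constructed sample: logical string "ab" (length 2) followed by stale bytes.
static const char STALE[] = { 'a', 'b', '\0', '@', '7', '\0' };
// Constructed sample: 5-byte string with a real embedded NUL: 'a', NUL@3, 'b'.
static const char EMBEDDED[] = { 'a', '\0', '@', '3', 'b' };

int main() {
    Token u = get_token_unbounded(STALE + 2);          // pointer at the terminator
    Token b = get_token_bounded(STALE + 2, STALE + 2); // same pointer, end known
    Token e = get_token_bounded(EMBEDDED + 1, EMBEDDED + sizeof EMBEDDED);
    std::printf("unbounded: repeat=%lu\n", u.repeat);
    std::printf("bounded: ok=%d, embedded repeat=%lu\n", (int)b.ok, e.repeat);
    return 0;
}
```

Both sample arrays are sized so that every read stays inside the array; in the Purify trace the equivalent bytes were uninitialized heap memory.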

