On Mon, Feb 09, 2015 at 06:24:35PM -0500, Jeff King wrote:
> Clang's address sanitizer has compiler support, so it does get to see
> this memory and could put a canary value in for each loop iteration. But
> it doesn't. Instead, you're supposed to use the "memory sanitizer" to
> catch uninitialized memory.
>
> I tried that, but got overwhelmed with false positives. Like valgrind,
> it has problems accepting that memory written by zlib is actually
> initialized. But in theory, if we went to the work to annotate some
> false positives, it should be able to find this problem.
I got rid of the false positives here, through a combination of
compiling with NO_OPENSSL (since it otherwise doesn't know that
git_SHA1_Final is initializing hashes), and this patch which lets it
assume that the output of zlib (at least for these cases) is always
initialized:
diff --git a/sha1_file.c b/sha1_file.c
index 30995e6..28c8f84 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1682,6 +1682,7 @@ unsigned long get_size_from_delta(struct packed_git *p,
git_zstream stream;
int st;
+ memset(delta_head, 0, 20);
memset(&stream, 0, sizeof(stream));
stream.next_out = delta_head;
stream.avail_out = sizeof(delta_head);
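Review bot: the length in `memset(delta_head, 0, 20)` is a hard-coded constant while two lines later the same buffer is sized with `sizeof(delta_head)`; use `memset(delta_head, 0, sizeof(delta_head))` so the two cannot drift apart. Worth stating in the description as well: zeroing the buffer marks every byte as initialized to MSan, so a genuine short inflate into `delta_head` would no longer be reported on this path. If that matters, unpoisoning only the bytes zlib actually produced after the inflate (`__msan_unpoison(delta_head, stream.total_out)` from `<sanitizer/msan_interface.h>`) suppresses the zlib false positive without hiding a real one.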
@@ -1973,6 +1974,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
buffer = xmallocz_gently(size);
if (!buffer)
return NULL;
+ memset(buffer, 0, size);
memset(&stream, 0, sizeof(stream));
stream.next_out = buffer;
stream.avail_out = size + 1;
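Review bot: `memset(buffer, 0, size)` has the same detection gap as the first hunk: any byte zlib fails to write is now zero rather than poisoned, so an uninitialized read of unpacked object data will be masked here too, and the extra pass over every unpacked object is a measurable cost on large blobs. The trailing byte is fine as written, since `xmallocz_gently` allocates `size + 1` bytes and NUL-terminates, which matches `stream.avail_out = size + 1`. Since this is a debugging-only change, a comment saying the memset is deliberate MSan noise suppression, or an `#ifdef` guard so it never reaches a normal build, would make the intent clear to the next reader.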
Sadly, though, the test case in question runs to completion. It does not
seem to detect our use of uninitialized memory. :(
-Peff