[
https://issues.apache.org/jira/browse/STDCXX-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573905#action_12573905
]
Travis Vitek commented on STDCXX-597:
-------------------------------------
The test_access() function in 21.string.access.cpp uses rw_match() to verify
that two empty strings are equal. It does so with a line that looks something
like this...
{noformat}
const bool success = 1 == rw_match (exp_res, pres, 1);
{noformat}
Here is a simplified testcase that shows the UMR when misusing rw_match().
{noformat}
#include <rw_char.h>   // for rw_match()
#include <stdlib.h>    // for malloc()

int main ()
{
    char* s = (char*)malloc (10);
    *s = '\0';   // only this first byte of s is initialized

    const char u [2] = {
        '\0', '\0'
    };

    // len is 1, but s has 0 characters before its terminator
    rw_match (u, s, 1);

    free (s);
    return 0;
}
{noformat}
The problem is that the string `s' only has 1 byte of initialized data, and
that one byte is the terminator for the string. The rw_match() function expects
that the provided `len' is the number of characters before the null terminator.
So this seems like a bug in test_access(), not in _rw_get_char.
> purify reports uninitialized memory read in _rw_get_char
> ---------------------------------------------------------
>
> Key: STDCXX-597
> URL: https://issues.apache.org/jira/browse/STDCXX-597
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Affects Versions: 4.2.0
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-597.patch
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> {noformat}
> **** Purify instrumented ./21.string.access (pid 2878) ****
> UMR: Uninitialized memory read:
> * This is occurring while in thread 2878:
> _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
> rw_match(char const*, char const*, unsigned) [char.cpp:816]
> test_access<char, std::char_traits<char>, std::allocator<char> >(char,
> std::char_traits<char>*, char*, StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:274]
> test_access(StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:317]
> _rw_test_case(StringFunc const&, StringTestCase const&, (*)(StringFunc
> const&, StringTestCase const&)) [21.strings.cpp:1298]
> _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
> * Reading 1 byte from 0x8182256 in the heap.
> * Address 0x8182256 is 14 bytes into a malloc'd block at 0x8182248 of 46
> bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> operator new(unsigned) [libstd15d.so]
> __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
> std::allocator<char>::allocate(unsigned, const*) [_allocator.h:144]
> std::string<char, std::char_traits<char>,
> std::allocator<char>>::_C_get_rep(unsigned, unsigned) [string.cc:102]
> std::string<char, std::char_traits<char>,
> std::allocator<char>>::string<char, std::char_traits<char>,
> std::allocator<char>>[not-in-charge](char const*, unsigned,
> std::allocator<char> const&) [string.cc:180]
> **** Purify instrumented ./21.string.access (pid 2878) ****
> UMR: Uninitialized memory read:
> * This is occurring while in thread 2878:
> _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
> rw_match(char const*, char const*, unsigned) [char.cpp:816]
> test_access<char, UserTraits<char>, std::allocator<char> >(char,
> UserTraits<char>*, char*, StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:274]
> test_access(StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:317]
> _rw_test_case(StringFunc const&, StringTestCase const&, (*)(StringFunc
> const&, StringTestCase const&)) [21.strings.cpp:1298]
> _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
> * Reading 1 byte from 0x818d5a6 in the heap.
> * Address 0x818d5a6 is 14 bytes into a malloc'd block at 0x818d598 of 46
> bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> operator new(unsigned) [libstd15d.so]
> __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
> std::allocator<char>::allocate(unsigned, const*) [_allocator.h:144]
> std::basic_string<char, std::char_traits<char>,
> std::allocator<char>><char, UserTraits<char>, std::allocator<char>
> >::_C_get_rep(unsigned, unsigned) [string.cc:102]
> std::basic_string<char, std::char_traits<char>,
> std::allocator<char>><char, UserTraits<char>, std::allocator<char>
> >::basic_string<char, std::char_traits<char>,
> std::allocator<char>>[not-in-charge](char const*, unsigned,
> std::allocator<char> const&) [string.cc:180]
> {noformat}
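
A caller-side check for the length contract described in the comment above (`len` must be the number of characters before the null terminator), as an added example that is not part of the original message or of the stdcxx test driver. The helper names are hypothetical, and the buffer is filled with a 0x5a poison byte (an assumption made so the example is deterministic) where the original testcase leaves it uninitialized.

```cpp
#include <cstddef>   // std::size_t
#include <cstdio>    // std::printf
#include <cstdlib>   // std::malloc, std::free
#include <cstring>   // std::memset, std::strlen

// Hypothetical helper: true only when `len` is exactly the number of
// characters before the terminator of `s`. The scan returns at the first
// NUL it meets, so no byte after the terminator is ever read.
static bool len_is_chars_before_nul (const char* s, std::size_t len)
{
    for (std::size_t i = 0; i < len; ++i)
        if (s [i] == '\0')
            return false;        // terminator comes before index `len`
    return s [len] == '\0';      // terminator must sit exactly at `len`
}

// Hypothetical helper: how far `len` overshoots the real string length.
static std::size_t len_overshoot (const char* s, std::size_t len)
{
    const std::size_t n = std::strlen (s);
    return len > n ? len - n : 0;
}

// Constructed sample mirroring the testcase: a 10-byte heap block holding
// an empty string. Bytes 1..9 are poisoned here instead of left untouched.
static char* make_empty_heap_string ()
{
    char* s = (char*)std::malloc (10);
    if (s) {
        std::memset (s, 0x5a, 10);
        *s = '\0';
    }
    return s;
}

int main ()
{
    char* s = make_empty_heap_string ();
    if (!s)
        return 1;
    std::printf ("len 1 valid: %d, overshoot: %lu\n",
                 len_is_chars_before_nul (s, 1),
                 (unsigned long)len_overshoot (s, 1));
    std::printf ("len 0 valid: %d\n", len_is_chars_before_nul (s, 0));
    std::free (s);
    return 0;
}
```
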