[
https://issues.apache.org/jira/browse/STDCXX-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573981#action_12573981
]
Travis Vitek commented on STDCXX-597:
-------------------------------------
Inside _rw_get_char(), *count is not the length of the src string as I had
originally expected. It is essentially the number of character 'tokens' that we
expect the src string to have. Unfortunately, this is not enough information.
We need to know the length of the src buffer so that we can avoid reading past
the end of the string. The above testcase shows the problem, but you need to
debug into rw_match() to see it.

This is a problem that could cause unexpected test failures. If _rw_get_char()
is given a pointer to the null terminator at the end of a string, and the
characters following that null terminator just happen to be '@N' where N is
some positive integer value, we will get unexpected results because
_rw_get_char() will think that it was given the input string "[EMAIL
PROTECTED]", when in all reality it was just given an empty string. The bottom
line is that if your function is supposed to handle embedded nulls, you need to
allow the user to provide a length for each buffer that is passed in.
> purify reports uninitialized memory read in _rw_get_char
> ---------------------------------------------------------
>
> Key: STDCXX-597
> URL: https://issues.apache.org/jira/browse/STDCXX-597
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Affects Versions: 4.2.0
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Original Estimate: 2h
> Time Spent: 4h
> Remaining Estimate: 0h
>
> {noformat}
> **** Purify instrumented ./21.string.access (pid 2878) ****
> UMR: Uninitialized memory read:
> * This is occurring while in thread 2878:
> _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
> rw_match(char const*, char const*, unsigned) [char.cpp:816]
> test_access<char, std::char_traits<char>, std::allocator<char> >(char,
> std::char_traits<char>*, char*, StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:274]
> test_access(StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:317]
> _rw_test_case(StringFunc const&, StringTestCase const&, (*)(StringFunc
> const&, StringTestCase const&)) [21.strings.cpp:1298]
> _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
> * Reading 1 byte from 0x8182256 in the heap.
> * Address 0x8182256 is 14 bytes into a malloc'd block at 0x8182248 of 46
> bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> operator new(unsigned) [libstd15d.so]
> __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
> std::allocator<char>::allocate(unsigned, const*) [_allocator.h:144]
> std::string<char, std::char_traits<char>,
> std::allocator<char>>::_C_get_rep(unsigned, unsigned) [string.cc:102]
> std::string<char, std::char_traits<char>,
> std::allocator<char>>::string<char, std::char_traits<char>,
> std::allocator<char>>[not-in-charge](char const*, unsigned,
> std::allocator<char> const&) [string.cc:180]
> **** Purify instrumented ./21.string.access (pid 2878) ****
> UMR: Uninitialized memory read:
> * This is occurring while in thread 2878:
> _rw_get_char(char const*, char const**, unsigned*) [char.cpp:562]
> rw_match(char const*, char const*, unsigned) [char.cpp:816]
> test_access<char, UserTraits<char>, std::allocator<char> >(char,
> UserTraits<char>*, char*, StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:274]
> test_access(StringFunc const&, StringTestCase const&)
> [21.string.access.cpp:317]
> _rw_test_case(StringFunc const&, StringTestCase const&, (*)(StringFunc
> const&, StringTestCase const&)) [21.strings.cpp:1298]
> _rw_run_cases(StringFunc const&, StringTest const&) [21.strings.cpp:1353]
> * Reading 1 byte from 0x818d5a6 in the heap.
> * Address 0x818d5a6 is 14 bytes into a malloc'd block at 0x818d598 of 46
> bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> operator new(unsigned) [libstd15d.so]
> __rw::__rw_allocate(unsigned, int) [memory.cpp:53]
> std::allocator<char>::allocate(unsigned, const*) [_allocator.h:144]
> std::basic_string<char, std::char_traits<char>,
> std::allocator<char>><char, UserTraits<char>, std::allocator<char>
> >::_C_get_rep(unsigned, unsigned) [string.cc:102]
> std::basic_string<char, std::char_traits<char>,
> std::allocator<char>><char, UserTraits<char>, std::allocator<char>
> >::basic_string<char, std::char_traits<char>,
> std::allocator<char>>[not-in-charge](char const*, unsigned,
> std::allocator<char> const&) [string.cc:180]
> {noformat}
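The failure mode described in the comment above, as an added example that is not stdcxx code and not part of the original message: a token reader that is handed only a pointer looks at the bytes behind the terminator, while one that is handed the end of the buffer does not. The names `Token`, `parse_repeat`, `get_token_unbounded` and `get_token_bounded` are hypothetical, the reading of `c@N` as "character c repeated N times" is an assumption, and both buffers are constructed sample data.

```cpp
#include <cstdio>

// Hypothetical token model (assumption): "c@N" means character c repeated N times.
struct Token {
    char          ch;      // decoded character (may be '\0')
    unsigned long repeat;  // 0 = no token, input exhausted
    const char*   next;    // first unread byte
};

// Parse an optional "@N" suffix at p. A null lim means "no bound known".
static const char* parse_repeat(const char* p, const char* lim, unsigned long* n) {
    if ((lim && p == lim) || *p != '@')
        return p;
    const char* q = p + 1;
    unsigned long val = 0;
    while ((!lim || q != lim) && *q >= '0' && *q <= '9' && val < 100000)
        val = val * 10 + (unsigned long)(*q++ - '0');
    if (val == 0) return p;    // '@' without a positive count is a literal
    *n = val;
    return q;
}

// Length-unaware reader: always inspects the bytes after src[0].
Token get_token_unbounded(const char* src) {
    Token t = { src[0], 1, src + 1 };
    t.next = parse_repeat(src + 1, nullptr, &t.repeat);
    return t;
}

// Length-aware reader: never dereferences at or beyond end.
Token get_token_bounded(const char* src, const char* end) {
    Token t = { '\0', 0, src };
    if (src == end) return t;  // empty input: nothing is read
    t.ch = *src;
    t.repeat = 1;
    t.next = parse_repeat(src + 1, end, &t.repeat);
    return t;
}

// Constructed block: string "ab", its terminator, then stale bytes "@7".
static const char heap_block[] = { 'a', 'b', '\0', '@', '7', '\0' };
// Constructed 5-byte buffer with a real embedded-null token: a, "\0@3", b.
static const char embedded[] = { 'a', '\0', '@', '3', 'b' };

int main() {
    std::printf("unbounded at terminator: repeat=%lu\n", get_token_unbounded(heap_block + 2).repeat);
    std::printf("bounded at terminator:   repeat=%lu\n", get_token_bounded(heap_block + 2, heap_block + 2).repeat);
    std::printf("bounded embedded null:   repeat=%lu\n", get_token_bounded(embedded + 1, embedded + 5).repeat);
}
```

With the bound supplied, an empty string yields no token, and a null followed by `@3` inside the stated length is still decoded as three nulls.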