Bram Moolenaar wrote:

> Patch 7.2.167
> Problem:    Splint doesn't work well for checking the code.
> Solution:   Add splint arguments in the Makefile.  Exclude some code from
>            splint that it can't handle.  Tune splint arguments to give
>            reasonable errors.  Add a filter for removing false warnings from
>            splint output.  Many small changes to avoid warnings.  More to
>            follow...
> Files:      Filelist, src/Makefile, src/buffer.c, src/charset.c,
>            src/cleanlint.vim, src/digraph.c, src/edit.c, src/ex_cmds.c,
>            src/globals.h, src/ops.c, src/os_unix.c, src/os_unix.h,
>            src/proto/buffer.pro, src/proto/edit.pro, src/screen.c,
>            src/structs.h

Patch 7.2.167 introduces a regression: test40 fails on one of
my machines (Linux x86_64) but succeeds on another (Linux x86).

Running test40 with valgrind reveals this error (on both machines):

==10911== Conditional jump or move depends on uninitialised value(s)
==10911==    at 0x80521F4: buf_same_ino (buffer.c:2944)
==10911==    by 0x805212E: otherfile_buf (buffer.c:2905)
==10911==    by 0x8050F21: buflist_findname_stat (buffer.c:2013)
==10911==    by 0x80502F9: buflist_new (buffer.c:1519)
==10911==    by 0x8092A3F: do_ecmd (ex_cmds.c:3308)
==10911==    by 0x80A96DF: do_exedit (ex_docmd.c:7584)
==10911==    by 0x80A9356: ex_edit (ex_docmd.c:7479)
==10911==    by 0x80A1EE3: do_one_cmd (ex_docmd.c:2622)
==10911==    by 0x809F763: do_cmdline (ex_docmd.c:1096)
==10911==    by 0x8124EB0: nv_colon (normal.c:5227)
==10911==    by 0x811E6C8: normal_cmd (normal.c:1189)
==10911==    by 0x80E1745: main_loop (main.c:1180)
==10911==    by 0x80E1292: main (main.c:939)

src/buffer.c:

2939     static int
2940 buf_same_ino(buf, stp)
2941     buf_T       *buf;
2942     struct stat *stp;
2943 {
2944     return (buf->b_dev >= 0
2945             && stp->st_dev == buf->b_dev
2946             && stp->st_ino == buf->b_ino);
2947 }
2948 #endif

The test 'buf->b_dev >= 0' at buffer.c:2940 is incorrect because
the type of the b_dev field is now 'dev_t', which appears to be
unsigned, so the test is always true (prior to patch 7.2.167, the
type was 'int').  So Vim accesses stp->st_ino, which is
uninitialized.

The attached patch fixes the problem.  All tests are OK after
applying it.

Regards
-- Dominique

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---

Index: buffer.c
===================================================================
RCS file: /cvsroot/vim/vim7/src/buffer.c,v
retrieving revision 1.90
diff -c -r1.90 buffer.c
*** buffer.c	13 May 2009 10:49:40 -0000	1.90
--- buffer.c	13 May 2009 13:35:02 -0000
***************
*** 2889,2895 ****
  	/* If no struct stat given, get it now */
  	if (stp == NULL)
  	{
! 	    if (buf->b_dev < 0 || mch_stat((char *)ffname, &st) < 0)
  		st.st_dev = (dev_T)-1;
  	    stp = &st;
  	}
--- 2889,2895 ----
  	/* If no struct stat given, get it now */
  	if (stp == NULL)
  	{
! 	    if (buf->b_dev == (dev_t)-1 || mch_stat((char *)ffname, &st) < 0)
  		st.st_dev = (dev_T)-1;
  	    stp = &st;
  	}
***************
*** 2941,2947 ****
      buf_T	*buf;
      struct stat *stp;
  {
!     return (buf->b_dev >= 0
  	    && stp->st_dev == buf->b_dev
  	    && stp->st_ino == buf->b_ino);
  }
--- 2941,2947 ----
      buf_T	*buf;
      struct stat *stp;
  {
!     return (buf->b_dev != (dev_t)-1
  	    && stp->st_dev == buf->b_dev
  	    && stp->st_ino == buf->b_ino);
  }
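Review bot: the clause order in the patched return is load-bearing and deserves a one-line comment: when the caller's stat() failed, only `st_dev` was set to the sentinel and `st_ino` is left uninitialised, so `stp->st_dev == buf->b_dev` must stay before `stp->st_ino == buf->b_ino` for the short-circuit to keep the uninitialised read away (which is exactly what the valgrind trace in the report complained about). The same `(dev_t)` versus `(dev_T)` spelling mismatch noted for the first hunk applies to this line as well.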

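The signed-to-unsigned pitfall described in the report, as an added example that is not Vim's code and not part of this message: a field that used to be a signed `int` holding `-1` for "no device" becomes an unsigned type, so `>= 0` is true for every value and the sentinel is never rejected. The typedefs, struct and function names below are constructed for the demonstration; `demo_dev_t` is deliberately unsigned to mirror what the report observed, and `real_dev_t_is_unsigned()` lets the reader check the platform's actual `dev_t`. `same_file_fixed()` follows the shape of the patched `buf_same_ino()`, with the sentinel check and the `st_dev` comparison ahead of the `st_ino` read.

```c
/*
 * Added example, not Vim's code: shows why "dev >= 0" cannot detect a
 * "-1 means no device" sentinel once the field's type is unsigned, and
 * how an explicit sentinel comparison restores the check. All typedefs,
 * struct and function names here are constructed for this demonstration.
 */
#include <stdio.h>
#include <sys/types.h>   /* real dev_t, queried by real_dev_t_is_unsigned() */

typedef unsigned long demo_dev_t;   /* constructed, deliberately unsigned */
typedef unsigned long demo_ino_t;   /* constructed inode number type */

/* Constructed stand-ins for the buffer record and for struct stat. */
typedef struct { demo_dev_t b_dev;  demo_ino_t b_ino;  } demo_buf;
typedef struct { demo_dev_t st_dev; demo_ino_t st_ino; } demo_stat;

/* Sentinel meaning "device unknown". It is written with the same cast
 * wherever it is stored or tested, so comparisons match bit for bit. */
#define DEMO_NO_DEV ((demo_dev_t)-1)

/* Pre-patch style: meant to reject the sentinel, but an unsigned value is
 * never negative, so this returns 1 for every input, sentinel included. */
int has_dev_buggy(demo_dev_t dev)
{
    return dev >= 0;
}

/* Patched style: compare against the sentinel value itself. */
int has_dev_fixed(demo_dev_t dev)
{
    return dev != DEMO_NO_DEV;
}

/* Shape of the patched buf_same_ino(): the sentinel check and the st_dev
 * comparison come first, so st_ino (which a failed stat() never fills in)
 * is only read once st_dev has already matched a real device. */
int same_file_fixed(const demo_buf *buf, const demo_stat *stp)
{
    return (buf->b_dev != DEMO_NO_DEV
            && stp->st_dev == buf->b_dev
            && stp->st_ino == buf->b_ino);
}

/* Wrapper so test cases can be written with plain numbers. */
int demo_same_file(demo_dev_t bdev, demo_ino_t bino,
                   demo_dev_t sdev, demo_ino_t sino)
{
    demo_buf  buf = { bdev, bino };
    demo_stat st  = { sdev, sino };
    return same_file_fixed(&buf, &st);
}

/* Reports whether this platform's real dev_t is unsigned: if so, (dev_t)-1
 * is the largest representable value, not a negative one, which is the
 * whole reason a "< 0" or ">= 0" test cannot see the sentinel. */
int real_dev_t_is_unsigned(void)
{
    return (dev_t)-1 > 0;
}

int main(void)
{
    printf("real dev_t is %s on this platform\n",
           real_dev_t_is_unsigned() ? "unsigned" : "signed");
    printf("buggy check on sentinel: %d (wanted 0)\n",
           has_dev_buggy(DEMO_NO_DEV));
    printf("fixed check on sentinel: %d\n", has_dev_fixed(DEMO_NO_DEV));
    printf("dev 7/ino 42 vs 7/42: %d\n", demo_same_file(7, 42, 7, 42));
    printf("dev 7/ino 42 vs 7/43: %d\n", demo_same_file(7, 42, 7, 43));
    printf("no-device buffer vs 7/42: %d\n",
           demo_same_file(DEMO_NO_DEV, 0, 7, 42));
    return 0;
}
```

Compiling with `-Wextra` (or `-Wtype-limits`) makes the compiler flag `dev >= 0` as always true, which is the cheapest way to catch this class of regression when a field's type changes.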