GNU bug report logs - #72251: defect found by covscan in diffutils-3.10 (gnulibs)
Reported by: Wasser Mai <wasser19641 <at> gmail.com>
Date: Tue, 23 Jul 2024 06:39:01 UTC
Severity: normal
Tags: notabug
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Report forwarded to bug-diffutils <at> gnu.org: bug#72251; Package diffutils. (Tue, 23 Jul 2024 06:39:01 GMT)
Acknowledgement sent to Wasser Mai <wasser19641 <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-diffutils <at> gnu.org. (Tue, 23 Jul 2024 06:39:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
There's the following defect in diffutils-3.10 (gnulib) found by
covscan. The memory dfa->eclosure points to is not initialized. It
looks like a true positive.
Error: UNINIT (CWE-457):
diffutils-3.10/lib/regcomp.c:1134: alloc_fn: Calling "malloc" which
returns uninitialized memory.
diffutils-3.10/lib/regcomp.c:1134: assign: Assigning: "dfa->eclosures"
= "(re_node_set *)malloc(dfa->nodes_alloc * 24UL)", which points to
uninitialized data.
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->elems" when calling
"calc_inveclosure".
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->nelem" when calling
"calc_inveclosure".
# 1226| if (__glibc_unlikely (dfa->inveclosures == NULL))
# 1227| return REG_ESPACE;
# 1228|-> ret = calc_inveclosure (dfa);
# 1229| }
# 1230|
Maybe add a loop to iterate through all elements and call
re_node_set_init_empty to initialize each element, like this?
diff -up diffutils-3.10/lib/regcomp.c.orig diffutils-3.10/lib/regcomp.c
--- diffutils-3.10/lib/regcomp.c.orig 2024-07-22 19:06:27.783986757 +0200
+++ diffutils-3.10/lib/regcomp.c 2024-07-22 19:10:41.303397164 +0200
@@ -1136,6 +1136,10 @@ analyze (regex_t *preg)
|| dfa->edests == NULL || dfa->eclosures == NULL))
return REG_ESPACE;
+ // Initialize each element (for example, set them all to an empty node set)
+ for (Idx i = 0; i < dfa->nodes_alloc; ++i) {
+ re_node_set_init_empty(dfa->eclosures + i);
+ }
dfa->subexp_map = re_malloc (Idx, preg->re_nsub);
if (dfa->subexp_map != NULL)
{
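Review bot: The added loop initializes all dfa->nodes_alloc entries unconditionally, but nothing in this hunk or in the covscan trace shows a path on which an entry is read before it is written: the trace links the malloc at line 1134 directly to the calc_inveclosure call and does not account for the calls made in between. Before adding the loop, establish whether those intervening calls already fill the entries the consumer reads; if they do, the loop is redundant work on every regex compilation and only silences the scanner. On style, the unchanged context places the opening brace on its own line and writes a space before the call parenthesis ("re_malloc (Idx, preg->re_nsub)"), so the new lines should match, for example "re_node_set_init_empty (dfa->eclosures + i);" with no braces around the single statement.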
Thanks!
Wasser
Information forwarded to bug-diffutils <at> gnu.org: bug#72251; Package diffutils. (Thu, 25 Jul 2024 05:38:02 GMT)
Message #8 received at 72251 <at> debbugs.gnu.org:
On 2024-07-22 10:29, Wasser Mai wrote:
> There's the following defect in diffutils-3.10 (gnulib) found by
> covscan. The memory dfa->eclosure points to is not initialized. It
> looks like a true positive.
It doesn't look like a true positive to me. The 'postorder' function
initializes that memory, but covscan isn't smart enough to see that.
These days almost everything Coverity reports for core GNU utilities is
a false positive, unfortunately.
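The disagreement in this thread turns on whether every slot is written between the allocation and the first read. As an added illustration (not code from gnulib or from either poster), the simplified C model below uses hypothetical names and assumes the initializer is reached only through a visitor handed to a tree walk; it poisons the allocation and counts the slots a consumer would read that were never written.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; this is not gnulib's regcomp.c. */
typedef struct { long alloc, nelem; long *elems; } node_set;
typedef struct tree { struct tree *left, *right; } tree;
typedef struct { size_t nodes_alloc, nodes_len; node_set *eclosures; } model_dfa;
#define POISON 0xA5   /* constructed fill byte marking "never written" */
#define TREE_NODES 3  /* the constructed tree below has three nodes */

/* Visitor: claims the next slot and initializes it (the write a scanner can miss). */
static int add_node(void *extra, tree *t) {
    model_dfa *dfa = extra;
    (void) t;
    if (dfa->nodes_len == dfa->nodes_alloc) return -1;
    memset(&dfa->eclosures[dfa->nodes_len++], 0, sizeof(node_set));
    return 0;
}

/* Post-order walk; the initializer is only reachable through fn. */
static int postorder(tree *t, int (*fn)(void *, tree *), void *extra) {
    if (t == NULL) return 0;
    if (postorder(t->left, fn, extra) || postorder(t->right, fn, extra)) return -1;
    return fn(extra, t);
}

/* A slot counts as unwritten if any of its bytes still holds the poison value. */
static int slot_unwritten(const node_set *s) {
    const unsigned char *p = (const unsigned char *) s;
    for (size_t i = 0; i < sizeof *s; i++)
        if (p[i] == POISON) return 1;
    return 0;
}

/* Number of slots the consumer reads (one per tree node) that are still
   poisoned; run_walk == 0 models the scanner's view that the walk writes
   nothing. Returns -1 on allocation failure or too few slots. */
long unwritten_slots_read(size_t nodes_alloc, int run_walk) {
    tree leaf1 = {0}, leaf2 = {0}, root = { &leaf1, &leaf2 };
    if (nodes_alloc < TREE_NODES) return -1;
    model_dfa dfa = { nodes_alloc, 0, malloc(nodes_alloc * sizeof(node_set)) };
    if (dfa.eclosures == NULL) return -1;
    memset(dfa.eclosures, POISON, nodes_alloc * sizeof(node_set));
    long bad = (run_walk && postorder(&root, add_node, &dfa) != 0) ? -1 : 0;
    for (size_t i = 0; bad >= 0 && i < TREE_NODES; i++)
        bad += slot_unwritten(&dfa.eclosures[i]);
    free(dfa.eclosures);
    return bad;
}

int main(void) {
    printf("walk run: %ld, walk skipped: %ld\n",
           unwritten_slots_read(8, 1), unwritten_slots_read(8, 0));
    return 0;
}
```

A result of zero with the walk enabled is the evidence a triager needs to classify such a report as a false positive; a nonzero result would mean the consumer can reach a slot the walk never touched.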
Added tag(s) notabug. Request was from Paul Eggert <eggert <at> cs.ucla.edu> to control <at> debbugs.gnu.org. (Mon, 24 Mar 2025 23:30:06 GMT)
bug closed, send any further explanations to 72251 <at> debbugs.gnu.org and Wasser Mai <wasser19641 <at> gmail.com>. Request was from Paul Eggert <eggert <at> cs.ucla.edu> to control <at> debbugs.gnu.org. (Mon, 24 Mar 2025 23:30:06 GMT)
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 22 Apr 2025 11:24:12 GMT)
This bug report was last modified 59 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.