GNU bug report logs - #8227
possibly uninitialized variables in update_window_fringes


Package: emacs

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Thu, 10 Mar 2011 23:46:02 UTC

Severity: minor

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.



Report forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8227; Package emacs. (Thu, 10 Mar 2011 23:46:02 GMT)

Acknowledgement sent to Paul Eggert <eggert <at> cs.ucla.edu>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 10 Mar 2011 23:46:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Cc: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
Subject: possibly uninitialized variables in update_window_fringes
Date: Thu, 10 Mar 2011 15:45:19 -0800
Severity: minor

I found this problem by compiling Emacs with GCC's -Wuninitialized flag.

The following code in the Emacs trunk src/fringe.c's
update_window_fringes function might be using uninitialized
variables:

  int top_row_ends_at_zv_p, bot_row_ends_at_zv_p;
  ...
  if (top_ind_rn >= 0)
    {
      ...
      top_row_ends_at_zv_p = row->ends_at_zv_p;
    }
  ...
  for (y = w->vscroll, rn = 0;
       y < yb && rn < nrows;
       y += row->height, rn++)
    {
      ...
      if (WINDOW_LEFT_FRINGE_WIDTH (w) == 0)
	...
      else if (row->left_user_fringe_bitmap != NO_FRINGE_BITMAP)
        ...
      else if ((!row->reversed_p && row->truncated_on_left_p)
	       || (row->reversed_p && row->truncated_on_right_p))
	...
      else if (row->indicate_bob_p && EQ (boundary_top, Qleft))
	{
	  left = ((row->indicate_eob_p && EQ (boundary_bot, Qleft))
		  ? LEFT_FRINGE (1, Qtop_bottom, top_row_ends_at_zv_p)
		  : LEFT_FRINGE (2, Qtop, 0));
          ...
	}

The last assignment uses top_row_ends_at_zv_p, but it's not clear
from the previous tests that top_row_ends_at_zv_p must be initialized.
There is a similar issue with bot_row_ends_at_zv_p.

I'm filing a bug report so that someone who is more expert in this
code can take a look at it.  In the meantime, I plan to work around
the problem by initializing the two local variables to 0, with a FIXME
explaining the situation: this shouldn't introduce a bug, because at
worst it will replace undefined behavior with defined behavior.

I'm CC'ing this to YAMAMOTO Mitsuharu, who committed the code in
question.




Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8227; Package emacs. (Fri, 11 Mar 2011 01:32:01 GMT)

Message #8 received at 8227 <at> debbugs.gnu.org:

From: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 8227 <at> debbugs.gnu.org
Subject: Re: possibly uninitialized variables in update_window_fringes
Date: Fri, 11 Mar 2011 10:31:27 +0900

>>>>> On Thu, 10 Mar 2011 15:45:19 -0800, Paul Eggert <eggert <at> cs.ucla.edu> said:

> I found this problem by compiling Emacs with GCC's -Wuninitialized flag.

> The following code in the Emacs trunk src/fringe.c's
> update_window_fringes function might be using uninitialized
> variables:

>    int top_row_ends_at_zv_p, bot_row_ends_at_zv_p;
>    ...
>    if (top_ind_rn >= 0)
>      {
>        ...
>        top_row_ends_at_zv_p = row->ends_at_zv_p;
>      }
>    ...
>    for (y = w->vscroll, rn = 0;
>         y < yb && rn < nrows;
>         y += row->height, rn++)
>      {
>        ...
>        if (WINDOW_LEFT_FRINGE_WIDTH (w) == 0)
> 	...
>        else if (row->left_user_fringe_bitmap != NO_FRINGE_BITMAP)
>          ...
>        else if ((!row->reversed_p && row->truncated_on_left_p)
> 	       || (row->reversed_p && row->truncated_on_right_p))
> 	...
>        else if (row->indicate_bob_p && EQ (boundary_top, Qleft))
> 	{
> 	  left = ((row->indicate_eob_p && EQ (boundary_bot, Qleft))
> 		  ? LEFT_FRINGE (1, Qtop_bottom, top_row_ends_at_zv_p)
> 		  : LEFT_FRINGE (2, Qtop, 0));
>            ...
> 	}

> The last assignment uses top_row_ends_at_zv_p, but it's not clear
> from the previous tests that top_row_ends_at_zv_p must be initialized.
> There is a similar issue with bot_row_ends_at_zv_p.

No problem.  top_ind_rn is set to a non-negative value whenever
row->indicate_bob_p is set.

      for (y = w->vscroll, rn = 0;
	   y < yb && rn < nrows;
	   y += row->height, ++rn)
	{
		...

	  if (!row->mode_line_p)
	    {
	      if (top_ind_rn < 0 && row->visible_height > 0)
		{
		  if (MATRIX_ROW_START_CHARPOS (row) <= BUF_BEGV (XBUFFER (w->buffer))
		      && !MATRIX_ROW_PARTIALLY_VISIBLE_AT_TOP_P (w, row))
		    row->indicate_bob_p = !NILP (boundary_top);
		  else
		    row->indicate_top_line_p = !NILP (arrow_top);
		  top_ind_rn = rn;
		}

				     YAMAMOTO Mitsuharu
				mituharu <at> math.s.chiba-u.ac.jp




Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Fri, 11 Mar 2011 06:26:02 GMT)

Notification sent to Paul Eggert <eggert <at> cs.ucla.edu>:
bug acknowledged by developer. (Fri, 11 Mar 2011 06:26:02 GMT)

Message #13 received at 8227-done <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
Cc: 8227-done <at> debbugs.gnu.org
Subject: Re: possibly uninitialized variables in update_window_fringes
Date: Thu, 10 Mar 2011 22:25:22 -0800

On 03/10/2011 05:31 PM, YAMAMOTO Mitsuharu wrote:

> No problem.  top_ind_rn is set to a non-negative value whenever
> row->indicate_bob_p is set.

Thanks for explaining that.  I plan to add the following comment
to the code, just before the declarations of
top_row_ends_at_zv_p and bot_row_ends_at_zv_p:

  /* top_ind_rn is set to a nonnegative value whenever
     row->indicate_bob_p is set, so it's OK that top_row_ends_at_zv_p
     is not initialized here.  Similarly for bot_ind_rn,
     row->indicate_eob_p and bot_row_ends_at_zv_p.  */
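
The invariant this thread settles on, as an added example that is not part of the original messages or of the Emacs source: a reduced model of the two passes in which a later read is safe only because a flag and an index are always set together. The struct fields, `starts_at_begv`, both function names and the flag reset at the top of the first loop are assumptions of the model.

```c
#include <stdbool.h>
/* Hypothetical reduced row: only the fields the thread's excerpts touch. */
struct row {
  bool mode_line_p, starts_at_begv, ends_at_zv_p, indicate_bob_p;
  int visible_height;
};

/* First pass, modelled on the loop quoted in message #8.  Returns
   top_ind_rn: the index of the marked row, or -1 if none qualified. */
static int mark_top_row (struct row *rows, int nrows, bool boundary_top)
{
  int top_ind_rn = -1;
  for (int rn = 0; rn < nrows; rn++) {
    struct row *row = &rows[rn];
    row->indicate_bob_p = false;   /* model assumption: no stale flags */
    if (!row->mode_line_p && top_ind_rn < 0 && row->visible_height > 0) {
      if (row->starts_at_begv)
        row->indicate_bob_p = boundary_top;
      top_ind_rn = rn;             /* set on every path that sets the flag */
    }
  }
  return top_ind_rn;
}

/* Second pass.  Returns the value read for a row with indicate_bob_p
   (0 or 1), -1 if no row needed it, -2 if it was read while unset. */
static int fringe_read (struct row *rows, int nrows, bool boundary_top)
{
  int top_ind_rn = mark_top_row (rows, nrows, boundary_top);
  bool top_set = false;            /* records whether the variable was assigned */
  int top_row_ends_at_zv_p = 0;
  if (top_ind_rn >= 0) {
    top_row_ends_at_zv_p = rows[top_ind_rn].ends_at_zv_p;
    top_set = true;
  }
  for (int rn = 0; rn < nrows; rn++)
    if (rows[rn].indicate_bob_p)
      return top_set ? top_row_ends_at_zv_p : -2;
  return -1;
}

int main (void)
{
  /* Constructed input: a mode line, then the first visible text row. */
  struct row rows[] = { { .mode_line_p = true, .visible_height = 1 },
    { .starts_at_begv = true, .ends_at_zv_p = true, .visible_height = 1 } };
  return fringe_read (rows, 2, true) == 1 ? 0 : 1;
}
```

A -2 result would mean the flag was set on a path that left the index negative, which is the case GCC cannot rule out because the correlation lives in data rather than in control flow.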




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 08 Apr 2011 11:24:04 GMT)

This bug report was last modified 14 years and 132 days ago.
