GNU bug report logs - #8227
possibly uninitialized variables in update_window_fringes

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#8227: closed (possibly uninitialized variables in
 update_window_fringes)
Date: Fri, 11 Mar 2011 06:26:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Thu, 10 Mar 2011 22:25:22 -0800
with message-id <4D79C052.5080305 <at> cs.ucla.edu>
and subject line Re: possibly uninitialized variables in update_window_fringes
has caused the GNU bug report #8227,
regarding possibly uninitialized variables in update_window_fringes
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
8227: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8227
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Cc: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
Subject: possibly uninitialized variables in update_window_fringes
Date: Thu, 10 Mar 2011 15:45:19 -0800

Severity: minor

I found this problem by compiling Emacs with GCC's -Wuninitialized flag.

The following code in the Emacs trunk src/fringe.c's
update_window_fringes function might be using uninitialized
variables:

  int top_row_ends_at_zv_p, bot_row_ends_at_zv_p;
  ...
  if (top_ind_rn >= 0)
    {
      ...
      top_row_ends_at_zv_p = row->ends_at_zv_p;
    }
  ...
  for (y = w->vscroll, rn = 0;
       y < yb && rn < nrows;
       y += row->height, rn++)
    {
      ...
      if (WINDOW_LEFT_FRINGE_WIDTH (w) == 0)
	...
      else if (row->left_user_fringe_bitmap != NO_FRINGE_BITMAP)
        ...
      else if ((!row->reversed_p && row->truncated_on_left_p)
	       || (row->reversed_p && row->truncated_on_right_p))
	...
      else if (row->indicate_bob_p && EQ (boundary_top, Qleft))
	{
	  left = ((row->indicate_eob_p && EQ (boundary_bot, Qleft))
		  ? LEFT_FRINGE (1, Qtop_bottom, top_row_ends_at_zv_p)
		  : LEFT_FRINGE (2, Qtop, 0));
          ...
	}

The last assignment uses top_row_ends_at_zv_p, but it's not clear
from the previous tests that top_row_ends_at_zv_p must be initialized.
There is a similar issue with bot_row_ends_at_zv_p.

I'm filing a bug report so that someone who is more expert in this
code can take a look at it.  In the meantime, I plan to work around
the problem by initializing the two local variables to 0, with a FIXME
explaining the situation: this shouldn't introduce a bug, because at
worst it will replace undefined behavior with defined behavior.

I'm CC'ing this to YAMAMOTO Mitsuharu, who committed the code in
question.

[Message part 3 (message/rfc822, inline)]

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
Cc: 8227-done <at> debbugs.gnu.org
Subject: Re: possibly uninitialized variables in update_window_fringes
Date: Thu, 10 Mar 2011 22:25:22 -0800

On 03/10/2011 05:31 PM, YAMAMOTO Mitsuharu wrote:

> No problem.  top_ind_rn is set to a non-negative value whenever
> row->indicate_bob_p is set.

Thanks for explaining that.  I plan to add the following comment
to the code, just before the declarations of
top_row_ends_at_zv_p and bot_row_ends_at_zv_p:

  /* top_ind_rn is set to a nonnegative value whenver                           
     row->indicate_bob_p is set, so it's OK that top_row_ends_at_zv_p           
     is not initialized here.  Similarly for bot_ind_rn,                        
     row->indicate_eob_p and bot_row_ends_at_zv_p.  */

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.