GNU bug report logs - #8227: possibly uninitialized variables in update_window_fringes
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Thu, 10 Mar 2011 23:46:02 UTC
Severity: minor
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
[Message part 1 (text/plain, inline)]
Your bug report
#8227: possibly uninitialized variables in update_window_fringes
which was filed against the emacs package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 8227 <at> debbugs.gnu.org.
--
8227: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8227
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
On 03/10/2011 05:31 PM, YAMAMOTO Mitsuharu wrote:
> No problem. top_ind_rn is set to a non-negative value whenever
> row->indicate_bob_p is set.
Thanks for explaining that. I plan to add the following comment
to the code, just before the declarations of
top_row_ends_at_zv_p and bot_row_ends_at_zv_p:
  /* top_ind_rn is set to a nonnegative value whenever
     row->indicate_bob_p is set, so it's OK that top_row_ends_at_zv_p
     is not initialized here.  Similarly for bot_ind_rn,
     row->indicate_eob_p and bot_row_ends_at_zv_p.  */
[Message part 3 (message/rfc822, inline)]
Severity: minor
I found this problem by compiling Emacs with GCC's -Wuninitialized flag.
The following code in the Emacs trunk src/fringe.c's
update_window_fringes function might be using uninitialized
variables:
  int top_row_ends_at_zv_p, bot_row_ends_at_zv_p;
  ...
  if (top_ind_rn >= 0)
    {
      ...
      top_row_ends_at_zv_p = row->ends_at_zv_p;
    }
  ...
  for (y = w->vscroll, rn = 0;
       y < yb && rn < nrows;
       y += row->height, rn++)
    {
      ...
      if (WINDOW_LEFT_FRINGE_WIDTH (w) == 0)
        ...
      else if (row->left_user_fringe_bitmap != NO_FRINGE_BITMAP)
        ...
      else if ((!row->reversed_p && row->truncated_on_left_p)
               || (row->reversed_p && row->truncated_on_right_p))
        ...
      else if (row->indicate_bob_p && EQ (boundary_top, Qleft))
        {
          left = ((row->indicate_eob_p && EQ (boundary_bot, Qleft))
                  ? LEFT_FRINGE (1, Qtop_bottom, top_row_ends_at_zv_p)
                  : LEFT_FRINGE (2, Qtop, 0));
          ...
        }
The last assignment uses top_row_ends_at_zv_p, but it's not clear
from the previous tests that top_row_ends_at_zv_p must be initialized.
There is a similar issue with bot_row_ends_at_zv_p.
I'm filing a bug report so that someone who is more expert in this
code can take a look at it. In the meantime, I plan to work around
the problem by initializing the two local variables to 0, with a FIXME
explaining the situation: this shouldn't introduce a bug, because at
worst it will replace undefined behavior with defined behavior.
I'm CC'ing this to YAMAMOTO Mitsuharu, who committed the code in
question.
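The invariant discussed in this thread, as an added example that is not part of the report or of the Emacs source: a constructed two-pass model in C (struct row, mark_top_row and use_top_flag are hypothetical names) in which the flag copy gets a defined default and an explicit check guards the path the compiler cannot prove safe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model; struct row and both functions are hypothetical. */
struct row { bool indicate_bob_p; bool ends_at_zv_p; };

/* Pass 1: mark the first row (if wanted) and record its index, so that
   "some row has indicate_bob_p" implies "returned index >= 0". */
static int mark_top_row(struct row *rows, size_t nrows, bool want_indicator)
{
    int top_ind_rn = -1;
    for (size_t rn = 0; rn < nrows; rn++) {
        rows[rn].indicate_bob_p = want_indicator && top_ind_rn < 0;
        if (rows[rn].indicate_bob_p)
            top_ind_rn = (int) rn;
    }
    return top_ind_rn;
}

/* Pass 2: -1 if a marked row is seen while the flag was never assigned
   (the path the warning is about), else 0 when no row consulted the
   flag, or 1 + flag value when one did. */
static int use_top_flag(const struct row *rows, size_t nrows, int top_ind_rn)
{
    int top_row_ends_at_zv_p = 0;  /* defined default, as in the workaround */
    bool assigned = false;         /* makes the cross-loop invariant checkable */
    int result = 0;
    if (top_ind_rn >= 0) {
        top_row_ends_at_zv_p = rows[top_ind_rn].ends_at_zv_p;
        assigned = true;
    }
    for (size_t rn = 0; rn < nrows; rn++) {
        if (!rows[rn].indicate_bob_p)
            continue;
        if (!assigned)
            return -1;             /* invariant broken: refuse to use the flag */
        result = 1 + top_row_ends_at_zv_p;
    }
    return result;
}

int main(void)
{
    struct row rows[3] = { { false, true }, { false, false }, { false, false } };
    int rn = mark_top_row(rows, 3, true);
    printf("top_ind_rn=%d result=%d\n", rn, use_top_flag(rows, 3, rn));
    return 0;
}
```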
This bug report was last modified 14 years and 133 days ago.