
[PATCH] uninitialized variable access


From: Grisha Levit
Subject: [PATCH] uninitialized variable access
Date: Sat, 17 Jun 2023 02:55:32 -0400

Some uninitialized variable access identified by clang's static analyzer.
(FWIW 90% of the reports were bogus but these seem legit)

* lib/readline/input.c
- rl_gather_tyi: the `result' variable is no longer initialized before
first access since commit d0bc56a32

* lib/readline/kill.c
- _rl_read_bracketed_paste_prefix: if there's no further input after the
initial \e of the bracketed paste prefix, an uninitialized value of `key'
can get used in the return value

* subst.c
- function_substitute: seems like the `tflag' assignment ended up in the
wrong place?

* builtins/read.def
- read_builtin: with `read -n0', the initialization of saw_escape is goto-d
over but that variable is later accessed

---
diff --git a/lib/readline/input.c b/lib/readline/input.c
index 229474ff..00605834 100644
--- a/lib/readline/input.c
+++ b/lib/readline/input.c
@@ -252,6 +252,7 @@ rl_gather_tyi (void)
   chars_avail = 0;
   input = 0;
   tty = fileno (rl_instream);
+  result = -1;

   /* Move this up here to give it first shot, but it can't set chars_avail
*/
   /* XXX - need rl_chars_available_hook? */
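Review bot: The added `result = -1;` carries no comment saying what -1 stands for, and every read of `result` lies outside this hunk, so a reader cannot tell whether it means "nothing probed yet" or "error". If later checks treat -1 as "no input source has answered so far" (an inference from the commit description, not visible here), say so on the line, for example `result = -1;	/* no input source has reported anything yet */`. Setting it with the other locals at the top is the right place, since any path added later between here and the first read is then covered as well.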
diff --git a/lib/readline/kill.c b/lib/readline/kill.c
index 1dfe3c57..1f13e447 100644
--- a/lib/readline/kill.c
+++ b/lib/readline/kill.c
@@ -779,7 +779,7 @@ _rl_read_bracketed_paste_prefix (int c)
   pbpref = BRACK_PASTE_PREF; /* XXX - debugging */
   if (c != pbpref[0])
     return (0);
-  pbuf[ind = 0] = c;
+  pbuf[ind = 0] = key = c;
   while (ind < BRACK_PASTE_SLEN-1 &&
  (RL_ISSTATE (RL_STATE_INPUTPENDING|RL_STATE_MACROINPUT) == 0) &&
          _rl_pushed_input_available () == 0 &&
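Review bot: Folding the fix into `pbuf[ind = 0] = key = c;` produces a chained assignment with a side effect inside the subscript, and it hides why `key` is being set at all. Three plain statements read better and leave room for the reason: `ind = 0;`, `key = c;	/* defined value if the loop below reads nothing */`, `pbuf[ind] = c;`. The loop body and the return that consumes `key` are outside the hunk, so please confirm that a `key` equal to the first prefix byte yields the intended return value when no further input arrives.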
diff --git a/subst.c b/subst.c
index 08d9285e..e69e0e5b 100644
--- a/subst.c
+++ b/subst.c
@@ -7021,7 +7021,6 @@ function_substitute (char *string, int quoted, int
flags)
       /* We call anonclose as part of the outer nofork unwind-protects */
       BLOCK_SIGNAL (SIGINT, set, oset);
       lseek (afd, 0, SEEK_SET);
-      tflag = 0;
       istring = read_comsub (afd, quoted, flags, &tflag);
       UNBLOCK_SIGNAL (oset);
     }
@@ -7029,6 +7028,7 @@ function_substitute (char *string, int quoted, int
flags)
     {
       s = get_string_value ("REPLY");
       istring = s ? comsub_quote_string (s, quoted, flags) : savestring
("");
+      tflag = 0;
     }

   run_unwind_frame ("nofork comsub");  /* restores stdout, job control
stuff */
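Review bot: With `tflag = 0;` moved into this else branch, the other branch now depends on read_comsub storing through `&tflag` on every return path, and that is not visible in either subst.c hunk. If any early return in read_comsub skips the store, the uninitialized read simply moves to the other branch. Assigning `tflag = 0;` once before the if/else (the `if` itself is outside the hunk) would cover both branches without relying on the callee; otherwise a short comment at the call stating that read_comsub always sets the flag would record the assumption.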

diff --git a/builtins/read.def b/builtins/read.def
index cb4e1e59..80d1241d 100644
--- a/builtins/read.def
+++ b/builtins/read.def
@@ -403,6 +403,9 @@ read_builtin (WORD_LIST *list)
   input_string = (char *)xmalloc (size = 112); /* XXX was 128 */
   input_string[0] = '\0';

+  pass_next = 0;       /* Non-zero signifies last char was backslash. */
+  saw_escape = 0;      /* Non-zero signifies that we saw an escape char */
+
   /* More input and options validation */
   if (nflag == 1 && nchars == 0)
     {
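Review bot: The two moved assignments keep their old comments, but nothing records why they must now sit above the validation block, so a later cleanup could move them back down and reintroduce the uninitialized read. A line above them such as `/* Set before the validation below: it can jump past later initializations (read -n0). */` would pin that down. The jump target and the later read of `saw_escape` are outside the hunk, so any other local that is first assigned after this point and read after the jump target should be checked for the same pattern.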
@@ -463,9 +466,6 @@ read_builtin (WORD_LIST *list)
     add_unwind_protect (xfree, rlbuf);
 #endif

-  pass_next = 0;       /* Non-zero signifies last char was backslash. */
-  saw_escape = 0;      /* Non-zero signifies that we saw an escape char */
-
   if (tmsec > 0 || tmusec > 0)
     {
       /* Turn off the timeout if stdin is a regular file (e.g. from

