On 07/16/2013 10:53 PM, Philip Oakley wrote: > > Does anyone run the "new static checker called 'Stack' that precisely > identifies unstable code"? [though the paper's conclusion says 'All > Stack source code will be publicly available.' which suggests it's not > yet available] > So I started using the clang code analyzer on git. One of the first warnings actually is this: object.c:241:7: warning: Branch condition evaluates to a garbage value if (!eaten) So that part of object.c lookx like this: struct object *parse_object(const unsigned char *sha1) { int eaten; ... obj = parse_object_buffer(sha1, type, size, buffer, &eaten); if (!eaten) free(buffer); } And the parse_object_buffer looks like this with respect to the eaten variable: struct object *parse_object_buffer(...) { int eaten = 0; if (something) return NULL; ... if (something_different) eaten=1; *eaten_p = eaten; } So what might happen is, that parse_object_buffer exits early, without executing *eaten_p = eaten; Then in the parse_object function eaten was never initialized nor set inside the call to parse_object_buffer. Then it is obvious that the free(buffer) is executed depending on garbage left on the stack. Definitely something what we want to change. The obvious way to repair this would be to just initialize the eaten variable inside parse_object. struct object *parse_object(const unsigned char *sha1) { int eaten=0; ... However I'd like to propose another solution: In parse_object_buffer we do not have a local eaten variable, but directly write to *eaten_p. That would be the following patch. Was there a particular idea or goal behind first having a local eaten variable, which later near the correct return of the function was used to set the eaten_p? Thanks, Stefan
Attachment:
signature.asc
Description: OpenPGP digital signature