On Mon, Feb 09, 2015 at 06:24:35PM -0500, Jeff King wrote:

> Clang's address sanitizer has compiler support, so it does get to see
> this memory and could put a canary value in for each loop iteration. But
> it doesn't. Instead, you're supposed to use the "memory sanitizer" to
> catch uninitialized memory.
>
> I tried that, but got overwhelmed with false positives. Like valgrind,
> it has problems accepting that memory written by zlib is actually
> initialized. But in theory, if we went to the work to annotate some
> false positives, it should be able to find this problem.

I got rid of the false positives here, through a combination of compiling
with NO_OPENSSL (since it otherwise doesn't know that git_SHA1_Final is
initializing hashes), and this patch which lets it assume that the output
of zlib (at least for these cases) is always initialized:

diff --git a/sha1_file.c b/sha1_file.c
index 30995e6..28c8f84 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1682,6 +1682,7 @@ unsigned long get_size_from_delta(struct packed_git *p,
 	git_zstream stream;
 	int st;
 
+	memset(delta_head, 0, 20);
 	memset(&stream, 0, sizeof(stream));
 	stream.next_out = delta_head;
 	stream.avail_out = sizeof(delta_head);
@@ -1973,6 +1974,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
 	buffer = xmallocz_gently(size);
 	if (!buffer)
 		return NULL;
+	memset(buffer, 0, size);
 	memset(&stream, 0, sizeof(stream));
 	stream.next_out = buffer;
 	stream.avail_out = size + 1;

Sadly, though, the test case in question runs to completion. It does not
seem to detect our use of uninitialized memory. :(

-Peff

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
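Review bot: In the get_size_from_delta hunk, `memset(delta_head, 0, 20);` hard-codes the buffer size while the context line two below already expresses it as `sizeof(delta_head)` for `stream.avail_out`; use `memset(delta_head, 0, sizeof(delta_head));` so the two cannot drift apart. Also, since the stated purpose is to make MemorySanitizer treat zlib's output as initialized, this zero-fill turns a genuine uninitialized read of delta_head into a defined read of zero and would hide exactly the class of bug being hunted if it were ever merged; keep it under a sanitizer-only build condition or mark the patch as diagnostic-only.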
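Review bot: In the unpack_compressed_entry hunk, `memset(buffer, 0, size);` covers `size` bytes but the context line `stream.avail_out = size + 1;` lets zlib write one byte past that; whether byte `size` is already initialized depends on what `xmallocz_gently` does with the extra byte (its name suggests it zero-terminates), so either clear `size + 1` bytes to match `avail_out` or add a comment saying why `size` is enough. As with the first hunk, this is an O(size) zero-fill on every object unpack that also masks real uninitialized reads, so it should stay a sanitizer-only diagnostic rather than a candidate for merging.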