Re: [PATCH] Fix maybe-uninitialized warnings found by gcc 9 -flto

Junio C Hamano <gitster@xxxxxxxxx> · Thu, 05 Sep 2019 10:41:57 -0700

Stephan Beyer <s-beyer@xxxxxxx> writes:

> diff --git a/fast-import.c b/fast-import.c
> index b44d6a467e..58f73f9105 100644
> --- a/fast-import.c
> +++ b/fast-import.c
> @@ -903,7 +903,8 @@ static int store_object(
>  	struct object_entry *e;
>  	unsigned char hdr[96];
>  	struct object_id oid;
> -	unsigned long hdrlen, deltalen;
> +	unsigned long hdrlen;
> +	unsigned long deltalen = 0;
>  	git_hash_ctx c;
>  	git_zstream s;

[in my attempt to imitate Réne...]

In this function, deltalen is used only when delta != NULL, i.e.

	if (delta) {
		s.next_in = delta;
		s.avail_in = deltalen;
	} else {
		s.next_in = (void *)dat->buf;
		s.avail_in = dat->len;
	}
	...
	if (delta) {
		...
		hdrlen = encode_in_pack_object_header(hdr, sizeof(hdr),
						      OBJ_OFS_DELTA, deltalen);
	...

Could delta become non-NULL without deltalen getting set?  We see
these before all uses of delta/deltalen in this function.

	if (last && last->data.len && last->data.buf && last->depth < max_depth
		&& dat->len > the_hash_algo->rawsz) {

		delta_count_attempts_by_type[type]++;
		delta = diff_delta(last->data.buf, last->data.len,
			dat->buf, dat->len,
			&deltalen, dat->len - the_hash_algo->rawsz);
	} else
		delta = NULL;

If diff_delta() returns non-NULL without touching deltalen, we'd be
in trouble.  We see this in delta.h

static inline void *
diff_delta(const void *src_buf, unsigned long src_bufsize,
	   const void *trg_buf, unsigned long trg_bufsize,
	   unsigned long *delta_size, unsigned long max_delta_size)
{
	struct delta_index *index = create_delta_index(src_buf, src_bufsize);
	if (index) {
		void *delta = create_delta(index, trg_buf, trg_bufsize,
					   delta_size, max_delta_size);
		free_delta_index(index);
		return delta;
	}
	return NULL;
}

so the question is if create_delta() can return non-NULL without
touching delta_size.  In diff-delta.c::create_delta(), *delta_size
is assigned once at the very end, when the function returns a
pointer to an allocated memory 'out'.  All the "return" statement
other than that last one literally returns "NULL".

So it seems that this is a case the compiler getting confused.