[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #66080] [pic] Using uninitialized elements of the "place" structure
From: |
Lukas Javorsky |
Subject: |
[bug #66080] [pic] Using uninitialized elements of the "place" structure in "place::follow" function |
Date: |
Mon, 12 Aug 2024 10:03:41 -0400 (EDT) |
URL:
<https://savannah.gnu.org/bugs/?66080>
Summary: [pic] Using uninitialized elements of the "place"
structure in "place::follow" function
Group: GNU roff
Submitter: ljavorsk
Submitted: Mon 12 Aug 2024 02:03:39 PM UTC
Category: Preprocessor pic
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Mon 12 Aug 2024 02:03:39 PM UTC By: Lukas Javorsky <ljavorsk>
Using uninitialized elements "x" and "y" could cause undefined behavior. It's
safer to initialize them to "0" to ensure it doesn't happen.
These defects were identified by SAST analyzers (combination of
coverity,snyk,cppcheck,gcc,clang,shellcheck,unicontrol), and from 98 findings
these are few that I believe are NOT false positives.
Error: UNINIT (CWE-457):
groff-1.23.0/src/preproc/pic/object.cpp:894: var_decl: Declaring variable
"here" without initializer.
groff-1.23.0/src/preproc/pic/object.cpp:896: uninit_use_in_call: Using
uninitialized value "here". Field "here.x" is uninitialized when calling
"follow".
# 894| place here;
# 895| here.obj = p;
# 896|-> if (!with->follow(here, &offset))
# 897| return 0;
# 898| pos -= offset;
Possible remedy:
Commits are in the attachments
Please let me know if you believe these are indeed false positives and why.
Thank you so much for your collaboration.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Name: 0001-Initialize-x-and-y-elements-of-the-here-structure.patch Size: 834B
<https://file.savannah.gnu.org/file/0001-Initialize-x-and-y-elements-of-the-here-structure.patch?file_id=56347>
AGPL NOTICE
These attachments are served by Savane. You can download the corresponding
source code of Savane at
https://git.savannah.nongnu.org/cgit/administration/savane.git/snapshot/savane-d76bf983d304f2acfc08b5b4a201839fd9edec71.tar.gz
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66080>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
- [bug #66080] [pic] Using uninitialized elements of the "place" structure in "place::follow" function,
Lukas Javorsky <=