Bug 111190

Summary: reading uninitialised data
Product: [Fedora] Fedora Reporter: d.binderman
Component: redhat-config-securitylevelAssignee: Brent Fox <bfox>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 1CC: d.binderman
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-12-09 21:41:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description d.binderman 2003-11-29 11:23:19 UTC 
Description of problem:
I just tried to compile package redhat-config-securitylevel-1.2.11-1
from Fedora.

The compiler said

1.

lokkit.c(249): remark #592: variable "ret" is used before its value is set

The source code is

	char *ret;
	/* more code */
	ret = calloc((orig ? strlen(orig) : 0) + strlen(ret) + 2, sizeof(char));

Suggest initialise ret before use.



Version-Release number of selected component (if applicable):
redhat-config-securitylevel-1.2.11-1


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Brent Fox 2003-12-05 19:53:21 UTC 
Did the program finish compiling or did the build not finish?
Comment 2 d.binderman 2003-12-06 09:21:34 UTC 
>Did the program finish compiling or did the build not finish?

Eh ?

I don't understand how this matters. The program has an "easily
detectable at compile time" bug in it.

Doing strlen( ret), where ret is uninitialised, is certainly
a run time problem.

I think the bug needs fixing, independent of the compile
finishing or not.
Comment 3 Brent Fox 2003-12-08 19:12:00 UTC 
My question is simple.  Is the message you are seeing a compiler
warning or a compiler error?

This code has not changed in _years_ and we know that lokkit works. 
If all you are seeing is a compiler warning that does not prevent the
program from working properly, then there are many other higher
priority bugs that deserve more attention than this one.
Comment 4 d.binderman 2003-12-09 09:53:57 UTC 
>compiler warning or a compiler error?

Like it says in the text, it's a remark.

If ignore compiler warnings & remarks, then you have a deeply
flawed development process.

>This code has not changed in _years_ and we know that lokkit works. 

How naive.

>many other higher priority bugs that deserve more attention than 
>this one.

Quite possibly.

The code is still broken. Any exeucution of this code is almost
certain to cause a run time crash.
Comment 5 Brent Fox 2003-12-09 21:41:25 UTC 
All I'm trying to do is assess the severity of the problem and you're
being belligerent about it.  I'm less inclined to help you.

If you want to harp on compiler warnings, go compile a kernel and
watch the hundreds of warnings scroll by.

>The code is still broken. Any exeucution of this code is almost
>certain to cause a run time crash.

Show me a run time crash and then I'll consider this a bug.