Bug 111190 - reading uninitialised data
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: redhat-config-securitylevel
1
All Linux
medium Severity medium
Assigned To: Brent Fox
Reported: 2003-11-29 06:23 EST by d.binderman
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2003-12-09 16:41:25 EST
Description d.binderman 2003-11-29 06:23:19 EST
Description of problem:
I just tried to compile package redhat-config-securitylevel-1.2.11-1
from Fedora.

The compiler said

1.

lokkit.c(249): remark #592: variable "ret" is used before its value is set

The source code is

	char *ret;
	/* more code */
	ret = calloc((orig ? strlen(orig) : 0) + strlen(ret) + 2, sizeof(char));

Suggest initialise ret before use.



Version-Release number of selected component (if applicable):
redhat-config-securitylevel-1.2.11-1


Comment 1 Brent Fox 2003-12-05 14:53:21 EST
Did the program finish compiling or did the build not finish?
Comment 2 d.binderman 2003-12-06 04:21:34 EST
>Did the program finish compiling or did the build not finish?

Eh ?

I don't understand how this matters. The program has an "easily
detectable at compile time" bug in it.

Doing strlen( ret), where ret is uninitialised, is certainly
a run time problem.

I think the bug needs fixing, independent of the compile
finishing or not.

Comment 3 Brent Fox 2003-12-08 14:12:00 EST
My question is simple.  Is the message you are seeing a compiler
warning or a compiler error?

This code has not changed in _years_ and we know that lokkit works. 
If all you are seeing is a compiler warning that does not prevent the
program from working properly, then there are many other higher
priority bugs that deserve more attention than this one.
Comment 4 d.binderman 2003-12-09 04:53:57 EST
>compiler warning or a compiler error?

Like it says in the text, it's a remark.

If you ignore compiler warnings & remarks, then you have a deeply
flawed development process.

>This code has not changed in _years_ and we know that lokkit works. 

How naive.

>many other higher priority bugs that deserve more attention than 
>this one.

Quite possibly.

The code is still broken. Any execution of this code is almost
certain to cause a run time crash.


Comment 5 Brent Fox 2003-12-09 16:41:25 EST
All I'm trying to do is assess the severity of the problem and you're
being belligerent about it.  I'm less inclined to help you.

If you want to harp on compiler warnings, go compile a kernel and
watch the hundreds of warnings scroll by.

>The code is still broken. Any execution of this code is almost
>certain to cause a run time crash.

Show me a run time crash and then I'll consider this a bug.
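
The pattern quoted in the description, reduced to a stand-alone C file next to a corrected form. This is an added example, not part of the bug report and not lokkit's source. The page does not show what the calloc was meant to size, so the second string `add`, the space separator, and the names `append_reported`, `append_fixed` and `SHOW_REPORTED_BUG` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reported pattern. Compiled only with -DSHOW_REPORTED_BUG so that the
 * default build never executes the undefined read. */
#ifdef SHOW_REPORTED_BUG
char *append_reported(const char *orig, const char *add)
{
	char *ret;			/* indeterminate value */
	(void)add;
	/* strlen(ret) walks memory at whatever address ret happens to hold */
	ret = calloc((orig ? strlen(orig) : 0) + strlen(ret) + 2, sizeof(char));
	return ret;
}
#endif

/* Corrected form (assumed intent): the size comes from the two inputs
 * only. "+ 2" covers one separator and the terminating NUL. */
char *append_fixed(const char *orig, const char *add)
{
	const char *src = add ? add : "";
	size_t orig_len = orig ? strlen(orig) : 0;
	size_t add_len = strlen(src);
	char *ret = calloc(orig_len + add_len + 2, sizeof(char));

	if (ret == NULL)
		return NULL;		/* caller must handle allocation failure */
	if (orig_len) {
		memcpy(ret, orig, orig_len);
		ret[orig_len] = ' ';
		memcpy(ret + orig_len + 1, src, add_len);
	} else {
		memcpy(ret, src, add_len);
	}
	return ret;			/* calloc already zeroed the terminator */
}

int main(void)
{
	char *a = append_fixed(NULL, "ssh");	/* constructed sample input */
	char *b = append_fixed(a, "http");
	if (!a || !b)
		return 1;
	printf("%s\n%s\n", a, b);
	free(a);
	free(b);
	return 0;
}
```

Building with `-DSHOW_REPORTED_BUG -Wall` makes GCC or Clang warn about the uninitialised use of `ret` in `append_reported`, the same defect the remark in the description points at.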
