Description of problem:
I just tried to compile package libwvstreams-3.70-12 from Redhat Fedora Core 1. The compiler said

1. wvstring.cc(88): warning #592: variable "buf" is used before its value is set

The source code is

    WvStringBuf *buf = (WvStringBuf *)malloc(WVSTRINGBUF_SIZE(buf) + size + WVSTRING_EXTRA);

buf is clearly used before its value has been assigned. I think we've been here before on this one. Further investigation of macro WVSTRINGBUF_SIZE suggests

    #define WVSTRINGBUF_SIZE(s) (s->data - (char *)s)

Accessing uninitialised data is guaranteed trouble. Using uninitialised data as a valid pointer value is guaranteed trouble. There could be a core dump if buf has a bad value. Suggest init buf before first use.
The expression (s->data - (char *)s) will always give the same result, with any value of s, and regardless of the memory s is pointing to. The memory s is pointing to is not accessed during the evaluation of the expression. We can modify the code to avoid the compiler warning, or close this bug as not-a-bug.
> will always give the same result, with any value of s,
> and regardless the memory s is pointing to.

I think we are going round in circles on this one. I'll try to be more explicit. Where s contains rubbish, it could point anywhere, resulting in a segmentation violation, or have an illegal pointer value (on some machines pointers have to be a multiple of four).

> The memory where s is pointing to, is not accessed during the
> evaluation of the expression.
> (s->data - (char *)s)

The evaluation of s->data requires s to be read. In doing so, a segmentation violation could occur.
What about

    #define WVSTRINGBUF_SIZE(s) (offsetof(struct WvStringBuf, data))
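The following is an added example, not code from libwvstreams or from anyone in this thread. It puts the two formulations side by side: the reported macro, which needs a pointer operand and therefore cannot be evaluated on the not-yet-assigned `buf` without reading an indeterminate value (undefined behaviour in C, whatever a given compiler emits), and the offsetof form suggested in the last comment, which yields the same header size without any pointer at all. The struct layout, the field names other than `data`, and the value of WVSTRING_EXTRA are hypothetical stand-ins, since the thread does not show them.

```c
/* Added example; the struct below is a hypothetical stand-in for WvStringBuf.
 * Only the `data` member and the macro names come from the bug report. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct WvStringBuf {
    int links;      /* hypothetical reference count */
    size_t size;    /* hypothetical capacity, excluding the header */
    char data[1];   /* character storage starts here; allocated past the struct */
};

/* The macro as reported: header size derived from the address of `data`
 * relative to the object. It needs a pointer value to evaluate, which at
 * the reported call site was the uninitialised `buf` itself. */
#define WVSTRINGBUF_SIZE_PTR(s) ((size_t)((s)->data - (char *)(s)))

/* The fix suggested in the thread: offsetof is a layout constant and
 * involves no pointer value, so nothing is read before it is set. */
#define WVSTRINGBUF_SIZE offsetof(struct WvStringBuf, data)

#define WVSTRING_EXTRA 1 /* room for the terminating NUL; hypothetical value */

/* The pointer form, evaluated the only way that is well defined: on a
 * pointer to an object that already exists. */
size_t header_size_via_pointer(const struct WvStringBuf *valid)
{
    return WVSTRINGBUF_SIZE_PTR(valid);
}

size_t header_size_via_offsetof(void)
{
    return WVSTRINGBUF_SIZE;
}

/* Allocates a buffer holding `len` bytes of `src` plus a NUL, sized with
 * offsetof so `buf` is never used before assignment. NULL on failure. */
struct WvStringBuf *wvstringbuf_new(const char *src, size_t len)
{
    struct WvStringBuf *buf = malloc(WVSTRINGBUF_SIZE + len + WVSTRING_EXTRA);
    if (buf == NULL)
        return NULL;
    buf->links = 1;
    buf->size = len;
    memcpy(buf->data, src, len);
    buf->data[len] = '\0';
    return buf;
}

/* Returns 1 when both formulations agree on a constructed object. */
int sizes_agree(void)
{
    struct WvStringBuf *b = wvstringbuf_new("abc", 3);
    if (b == NULL)
        return 0;
    int ok = header_size_via_pointer(b) == header_size_via_offsetof();
    free(b);
    return ok;
}

int main(void)
{
    struct WvStringBuf *b = wvstringbuf_new("hello", 5);
    if (b == NULL)
        return 1;
    int ok = sizes_agree() && strcmp(b->data, "hello") == 0;
    free(b);
    return ok ? 0 : 1;
}
```

Both macros produce the same number once a valid object exists, which is what the second comment in the thread argues; the difference is that offsetof gets there without ever naming `buf`, so the warning disappears and there is no indeterminate pointer for the standard or the optimiser to take issue with.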