X-Loop: help-debbugs@HIDDEN
Subject: bug#72251: defect found by covscan in diffutils-3.10 (gnulibs)
Resent-From: Wasser Mai <wasser19641@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-diffutils@HIDDEN
Resent-Date: Tue, 23 Jul 2024 06:39:01 +0000
Resent-Message-ID: <handler.72251.B.172171672228954 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 72251
X-GNU-PR-Package: diffutils
X-GNU-PR-Keywords:
To: 72251 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-diffutils@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.172171672228954
(code B ref -1); Tue, 23 Jul 2024 06:39:01 +0000
Received: (at submit) by debbugs.gnu.org; 23 Jul 2024 06:38:42 +0000
Received: from localhost ([127.0.0.1]:59012 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sW9AV-0007Wt-SH
for submit <at> debbugs.gnu.org; Tue, 23 Jul 2024 02:38:42 -0400
Received: from lists.gnu.org ([209.51.188.17]:42904)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <wasser19641@HIDDEN>) id 1sVwr0-0000bg-NQ
for submit <at> debbugs.gnu.org; Mon, 22 Jul 2024 13:29:43 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <wasser19641@HIDDEN>)
id 1sVwqv-0008Jy-Pm
for bug-diffutils@HIDDEN; Mon, 22 Jul 2024 13:29:38 -0400
Received: from mail-lf1-x12f.google.com ([2a00:1450:4864:20::12f])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <wasser19641@HIDDEN>)
id 1sVwqt-0006M3-Ok
for bug-diffutils@HIDDEN; Mon, 22 Jul 2024 13:29:37 -0400
Received: by mail-lf1-x12f.google.com with SMTP id
2adb3069b0e04-52ed741fe46so5280736e87.0
for <bug-diffutils@HIDDEN>; Mon, 22 Jul 2024 10:29:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1721669370; x=1722274170; darn=gnu.org;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=NaceFL/AgfBXGKFapdXgr28kJtmlArdiHqr+qXXhyVU=;
b=CaPONT9Ow6bt5uOFXIyqMZRB2Yonejbb6bpb7NNVKWI5zpdu3fWw5qSo0cHWSc4bLt
M3tcQs6ooOwDzFcZYMVs3k+EhzydZ0c52k3H67XGQkqPllUoRmHJDLSg9bsFmdwrPTB0
KQ4kcoDIJRTs+EqqTxIWJasPccX65LhmCUARGALKv1Ja19dFjLKJFcnsHr+GJOYBTX1v
Mg+LQIaPTScw7+tqqUSTS3JQ56o79CcKOBVp2X2Sufd/2lGg+QyOrUV+gCEI9OeX+WVC
GvbCjjXQTxSdlTHf9bHR6BvgRtLJm/UMbbuIFgqqK3c7GIq5z5QWb04E87CLhYBV69DR
tTzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1721669370; x=1722274170;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=NaceFL/AgfBXGKFapdXgr28kJtmlArdiHqr+qXXhyVU=;
b=G9bzRdCbWPZRceORtbSEe8lAgzVi4Zd/h1el7BbFrzpjqJ9I7uWRzq6rO4G9uc9AY5
t6uTktTle2tsKvb1zeZKJPGn1OhW7Niawmpt+bTDzNA5Wu676Zl+r6GhEN3pNPSZ7fXU
vvzJwvVgNsEmfPiOVb8QsTBav6t+Kx0xA1SQSpWBnZCdLlWlq0KAbh05tNUN7p/4fTuY
a0Mi9YdIA/d0cc2hwXu0PxulfdkvbeYAF1PGwl88J7HgoFAxoP3MIVAMVU8wrOX9XKvv
6bDabTv9cVAU2trvhloqe/0iLxX+bXH7D2+meU5ExRfOK2I85JZFd2GDhPhoRJzvWmGv
uUtA==
X-Gm-Message-State: AOJu0YzSMQxN/Pv0DTxDEmJO/BPpiAkyUjp+tQXjTmto36lVqcs8LMAz
WZ7PlKjWMVL4IulDHy45O2JxSot180gwLtOfwKAM1ux6WBmdhpBGeuFAcE/ul2PBg62fV0YMi1C
3W55H0boK5nFLj6tq0ZZL3Ezxn702sez9
X-Google-Smtp-Source: AGHT+IEFcRtD4hT5PhpzJv/8Zs5GW7/1T+BKiDLZ8ihCdWV32TIesVnlONdwMYjjHqX/SuDDorQAGmkkagVCAxa+yYg=
X-Received: by 2002:ac2:4bc2:0:b0:52c:9383:4c16 with SMTP id
2adb3069b0e04-52efb7a0b03mr4877742e87.22.1721669369969; Mon, 22 Jul 2024
10:29:29 -0700 (PDT)
MIME-Version: 1.0
From: Wasser Mai <wasser19641@HIDDEN>
Date: Mon, 22 Jul 2024 19:29:18 +0200
Message-ID: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=2a00:1450:4864:20::12f;
envelope-from=wasser19641@HIDDEN; helo=mail-lf1-x12f.google.com
X-Spam_score_int: -17
X-Spam_score: -1.8
X-Spam_bar: -
X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.1 (-)
X-Mailman-Approved-At: Tue, 23 Jul 2024 02:38:38 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.2 (/)
There's a following defect in diffutils-3.10 (gnulib) found by
covscan. The memory dfa->eclosure points to is not initialized. It
looks like a true positive.
Error: UNINIT (CWE-457):
diffutils-3.10/lib/regcomp.c:1134: alloc_fn: Calling "malloc" which
returns uninitialized memory.
diffutils-3.10/lib/regcomp.c:1134: assign: Assigning: "dfa->eclosures"
= "(re_node_set *)malloc(dfa->nodes_alloc * 24UL)", which points to
uninitialized data.
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->elems" when calling
"calc_inveclosure".
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->nelem" when calling
"calc_inveclosure".
# 1226| if (__glibc_unlikely (dfa->inveclosures == NULL))
# 1227| return REG_ESPACE;
# 1228|-> ret = calc_inveclosure (dfa);
# 1229| }
# 1230|
maybe add a loop to iterate through all elements and call
re_node_set_init_empty to initialize each element like this?
diff -up diffutils-3.10/lib/regcomp.c.orig diffutils-3.10/lib/regcomp.c
--- diffutils-3.10/lib/regcomp.c.orig 2024-07-22 19:06:27.783986757 +0200
+++ diffutils-3.10/lib/regcomp.c 2024-07-22 19:10:41.303397164 +0200
@@ -1136,6 +1136,10 @@ analyze (regex_t *preg)
|| dfa->edests == NULL || dfa->eclosures == NULL))
return REG_ESPACE;
+ // Initialize each element (for example, set them all to an empty node set)
+ for (Idx i = 0; i < dfa->nodes_alloc; ++i) {
+ re_node_set_init_empty(dfa->eclosures + i);
+ }
dfa->subexp_map = re_malloc (Idx, preg->re_nsub);
if (dfa->subexp_map != NULL)
{
Thanks!
Wasser
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Wasser Mai <wasser19641@HIDDEN> Subject: bug#72251: Acknowledgement (defect found by covscan in diffutils-3.10 (gnulibs)) Message-ID: <handler.72251.B.172171672228954.ack <at> debbugs.gnu.org> References: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN> X-Gnu-PR-Message: ack 72251 X-Gnu-PR-Package: diffutils Reply-To: 72251 <at> debbugs.gnu.org Date: Tue, 23 Jul 2024 06:39:01 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-diffutils@HIDDEN If you wish to submit further information on this problem, please send it to 72251 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 72251: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D72251 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.