GNU bug report logs - #72251
defect found by covscan in diffutils-3.10 (gnulibs)

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: diffutils; Reported by: Wasser Mai <wasser19641@HIDDEN>; dated Tue, 23 Jul 2024 06:39:01 UTC; Maintainer for diffutils is bug-diffutils@HIDDEN.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 23 Jul 2024 06:38:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 23 02:38:42 2024
Received: from localhost ([127.0.0.1]:59012 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1sW9AV-0007Wt-SH
	for submit <at> debbugs.gnu.org; Tue, 23 Jul 2024 02:38:42 -0400
Received: from lists.gnu.org ([209.51.188.17]:42904)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <wasser19641@HIDDEN>) id 1sVwr0-0000bg-NQ
 for submit <at> debbugs.gnu.org; Mon, 22 Jul 2024 13:29:43 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <wasser19641@HIDDEN>)
 id 1sVwqv-0008Jy-Pm
 for bug-diffutils@HIDDEN; Mon, 22 Jul 2024 13:29:38 -0400
Received: from mail-lf1-x12f.google.com ([2a00:1450:4864:20::12f])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <wasser19641@HIDDEN>)
 id 1sVwqt-0006M3-Ok
 for bug-diffutils@HIDDEN; Mon, 22 Jul 2024 13:29:37 -0400
Received: by mail-lf1-x12f.google.com with SMTP id
 2adb3069b0e04-52ed741fe46so5280736e87.0
 for <bug-diffutils@HIDDEN>; Mon, 22 Jul 2024 10:29:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1721669370; x=1722274170; darn=gnu.org;
 h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
 :date:message-id:reply-to;
 bh=NaceFL/AgfBXGKFapdXgr28kJtmlArdiHqr+qXXhyVU=;
 b=CaPONT9Ow6bt5uOFXIyqMZRB2Yonejbb6bpb7NNVKWI5zpdu3fWw5qSo0cHWSc4bLt
 M3tcQs6ooOwDzFcZYMVs3k+EhzydZ0c52k3H67XGQkqPllUoRmHJDLSg9bsFmdwrPTB0
 KQ4kcoDIJRTs+EqqTxIWJasPccX65LhmCUARGALKv1Ja19dFjLKJFcnsHr+GJOYBTX1v
 Mg+LQIaPTScw7+tqqUSTS3JQ56o79CcKOBVp2X2Sufd/2lGg+QyOrUV+gCEI9OeX+WVC
 GvbCjjXQTxSdlTHf9bHR6BvgRtLJm/UMbbuIFgqqK3c7GIq5z5QWb04E87CLhYBV69DR
 tTzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1721669370; x=1722274170;
 h=to:subject:message-id:date:from:mime-version:x-gm-message-state
 :from:to:cc:subject:date:message-id:reply-to;
 bh=NaceFL/AgfBXGKFapdXgr28kJtmlArdiHqr+qXXhyVU=;
 b=G9bzRdCbWPZRceORtbSEe8lAgzVi4Zd/h1el7BbFrzpjqJ9I7uWRzq6rO4G9uc9AY5
 t6uTktTle2tsKvb1zeZKJPGn1OhW7Niawmpt+bTDzNA5Wu676Zl+r6GhEN3pNPSZ7fXU
 vvzJwvVgNsEmfPiOVb8QsTBav6t+Kx0xA1SQSpWBnZCdLlWlq0KAbh05tNUN7p/4fTuY
 a0Mi9YdIA/d0cc2hwXu0PxulfdkvbeYAF1PGwl88J7HgoFAxoP3MIVAMVU8wrOX9XKvv
 6bDabTv9cVAU2trvhloqe/0iLxX+bXH7D2+meU5ExRfOK2I85JZFd2GDhPhoRJzvWmGv
 uUtA==
X-Gm-Message-State: AOJu0YzSMQxN/Pv0DTxDEmJO/BPpiAkyUjp+tQXjTmto36lVqcs8LMAz
 WZ7PlKjWMVL4IulDHy45O2JxSot180gwLtOfwKAM1ux6WBmdhpBGeuFAcE/ul2PBg62fV0YMi1C
 3W55H0boK5nFLj6tq0ZZL3Ezxn702sez9
X-Google-Smtp-Source: AGHT+IEFcRtD4hT5PhpzJv/8Zs5GW7/1T+BKiDLZ8ihCdWV32TIesVnlONdwMYjjHqX/SuDDorQAGmkkagVCAxa+yYg=
X-Received: by 2002:ac2:4bc2:0:b0:52c:9383:4c16 with SMTP id
 2adb3069b0e04-52efb7a0b03mr4877742e87.22.1721669369969; Mon, 22 Jul 2024
 10:29:29 -0700 (PDT)
MIME-Version: 1.0
From: Wasser Mai <wasser19641@HIDDEN>
Date: Mon, 22 Jul 2024 19:29:18 +0200
Message-ID: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN>
Subject: defect found by covscan in diffutils-3.10 (gnulibs)
To: bug-diffutils@HIDDEN
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=2a00:1450:4864:20::12f;
 envelope-from=wasser19641@HIDDEN; helo=mail-lf1-x12f.google.com
X-Spam_score_int: -17
X-Spam_score: -1.8
X-Spam_bar: -
X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.1 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Tue, 23 Jul 2024 02:38:38 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.2 (/)

There's a following defect in diffutils-3.10 (gnulib) found by
covscan. The memory dfa->eclosure points to is not initialized. It
looks like a true positive.

Error: UNINIT (CWE-457):
diffutils-3.10/lib/regcomp.c:1134: alloc_fn: Calling "malloc" which
returns uninitialized memory.
diffutils-3.10/lib/regcomp.c:1134: assign: Assigning: "dfa->eclosures"
= "(re_node_set *)malloc(dfa->nodes_alloc * 24UL)", which points to
uninitialized data.
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->elems" when calling
"calc_inveclosure".
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->nelem" when calling
"calc_inveclosure".
# 1226|         if (__glibc_unlikely (dfa->inveclosures == NULL))
# 1227|           return REG_ESPACE;
# 1228|->       ret = calc_inveclosure (dfa);
# 1229|       }
# 1230|

maybe add a loop to iterate through all elements and call
re_node_set_init_empty to initialize each element like this?

diff -up diffutils-3.10/lib/regcomp.c.orig diffutils-3.10/lib/regcomp.c
--- diffutils-3.10/lib/regcomp.c.orig   2024-07-22 19:06:27.783986757 +0200
+++ diffutils-3.10/lib/regcomp.c        2024-07-22 19:10:41.303397164 +0200
@@ -1136,6 +1136,10 @@ analyze (regex_t *preg)
                       || dfa->edests == NULL || dfa->eclosures == NULL))
    return REG_ESPACE;

+  // Initialize each element (for example, set them all to an empty node set)
+  for (Idx i = 0; i < dfa->nodes_alloc; ++i) {
+    re_node_set_init_empty(dfa->eclosures + i);
+  }
  dfa->subexp_map = re_malloc (Idx, preg->re_nsub);
  if (dfa->subexp_map != NULL)
    {

Thanks!
Wasser
Acknowledgement sent to Wasser Mai <wasser19641@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-diffutils@HIDDEN. Full text available.
Report forwarded to bug-diffutils@HIDDEN:
bug#72251; Package diffutils. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Tue, 23 Jul 2024 06:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.