Bug #513
open
Use of heredoc in function relies on uninitalised seek offset variable
0%
Description
The following heredoc testcase triggers a "valgrind" hit because function |io_heredoc()| uses variable |off| without initalising it first:
-- snip --
$ valgrind ./arch/linux.i386/bin/ksh c 'builtin cat ; function ff { cat <<<"hello" ; } ; ff' snip --
[snip]
16561 Conditional jump or move depends on uninitialised value(s)
16561 at 0x54F332: sfseek (sfseek.c:124)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561 by 0x41618B: main (pmain.c:45)
16561
16561 Conditional jump or move depends on uninitialised value(s)
16561 at 0x54F344: sfseek (sfseek.c:124)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561 by 0x41618B: main (pmain.c:45)
16561
16561 Conditional jump or move depends on uninitialised value(s)
16561 at 0x573877: _sfexcept (sfexcept.c:48)
16561 by 0x552047: sfsk (sfsk.c:89)
16561 by 0x54F3EB: sfseek (sfseek.c:134)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561
16561 Conditional jump or move depends on uninitialised value(s)
16561 at 0x5739F5: _sfexcept (sfexcept.c:64)
16561 by 0x552047: sfsk (sfsk.c:89)
16561 by 0x54F3EB: sfseek (sfseek.c:134)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561
16561 Syscall param lseek(offset) contains uninitialised byte(s)
16561 at 0x53570C0: lseek (in /lib64/libc-2.8.so)
16561 by 0x551FF8: sfsk (sfsk.c:80)
16561 by 0x54F3EB: sfseek (sfseek.c:134)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561
16561 Conditional jump or move depends on uninitialised value(s)
16561 at 0x54F3F0: sfseek (sfseek.c:134)
16561 by 0x43E0BB: io_heredoc (io.c:1538)
16561 by 0x43CF8D: sh_redirect (io.c:1186)
16561 by 0x481C44: sh_exec (xec.c:1206)
16561 by 0x4890B4: sh_funscope (xec.c:3207)
16561 by 0x489792: sh_funct (xec.c:3293)
16561 by 0x48292C: sh_exec (xec.c:1397)
16561 by 0x48475B: sh_exec (xec.c:1962)
16561 by 0x417ED6: exfile (main.c:601)
16561 by 0x4170CD: sh_main (main.c:373)
16561 by 0x41618B: main (pmain.c:45)
-
Usually |off| is zero but there are cases when random values are used... which results in sporadic script failures (this has send some services into "maintaince" mode in the past). Note that all forms of heredoc usage are affected.
Files
Updated by Roland Mainz over 12 years ago
- File heredocfix.diff.txt heredocfix.diff.txt added