‘local_iovec.__sanitizer::__sanitizer_iovec::iov_len’ may be used uninitialized
Issue description
[874/902] Building CXX object lib/esan/CMakeFiles/clang_rt.esan-x86_64.dir/esan_interceptors.cpp.o
/b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/esan_interceptors.cpp: In function ‘__sanitizer::uptr __interceptor_ptrace(int, int, void*, void*)’:
/b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/esan_interceptors.cpp:75:53: warning: ‘local_iovec.__sanitizer::__sanitizer_iovec::iov_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
processRangeAccess(CUR_PC(), (uptr)ptr, size, true)
^
In file included from /b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/esan_interceptors.cpp:187:0:
/b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/../sanitizer_common/sanitizer_common_interceptors.inc:3138:21: note: ‘local_iovec.__sanitizer::__sanitizer_iovec::iov_len’ was declared here
__sanitizer_iovec local_iovec;
^
/b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/esan_interceptors.cpp:75:53: warning: ‘local_iovec.__sanitizer::__sanitizer_iovec::iov_base’ may be used uninitialized in this function [-Wmaybe-uninitialized]
processRangeAccess(CUR_PC(), (uptr)ptr, size, true)
^
In file included from /b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/esan_interceptors.cpp:187:0:
/b/c/b/ToTLinux/src/third_party/llvm/compiler-rt/lib/esan/../sanitizer_common/sanitizer_common_interceptors.inc:3138:21: note: ‘local_iovec.__sanitizer::__sanitizer_iovec::iov_base’ was declared here
__sanitizer_iovec local_iovec;
Aug 3
This bug has an owner, thus, it's been triaged. Changing status to "assigned".
Sep 10
TL;DR: -Wmaybe-uninitialized fires here, but the variable is in fact initialized. Newer versions of Clang and GCC do not emit the warning here, so we're only seeing it because we're using an old GCC version on the bots. I'm marking this WontFix.
The code here is in INTERCEPTOR in sanitizer_common_interceptors.inc.
The relevant structure of the code is:
INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
  __sanitizer_iovec local_iovec;
  if (data) {
    // ...
    if (request == ptrace_setregset || request == ptrace_getregset) {
      __sanitizer_iovec *iovec = (__sanitizer_iovec*)data;
      COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec, sizeof(*iovec));
      local_iovec = *iovec;
      if (request == ptrace_setregset)
        COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec->iov_base, iovec->iov_len);
    }
  }
  uptr res = REAL(ptrace)(request, pid, addr, data);
  if (!res && data) {
    // ...
    if (request == ptrace_getregset) {
      // ...
      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, local_iovec.iov_base,
                                     local_iovec.iov_len);
    }
  }
  return res;
}
ptrace() does not change request, so the latter mention of local_iovec is only reachable if request was ptrace_getregset and data was not null. But if that is the case, the former mention of local_iovec must also have been reached, and that is where local_iovec is initialized.
Comment 1 by inglorion@chromium.org, Apr 24 2018