Re: [PATCH 1/6] parse-datetime, posixtm: avoid uninit access

Thu, 23 Nov 2017 17:11:07 -0800 

On 25/09/17 18:29, Paul Eggert wrote:
> * lib/parse-datetime.y (parse_datetime2):
> * lib/posixtm.c (posixtime):
> Do not access uninitialized storage, even though the resulting
> value is never used.
> ---
>  ChangeLog            |  8 ++++++++
>  lib/parse-datetime.y | 16 ++++++++++++++--
>  lib/posixtm.c        |  7 ++++++-
>  3 files changed, 28 insertions(+), 3 deletions(-)
> 
> diff --git a/ChangeLog b/ChangeLog
> index 386986ee7..9c6d73f72 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,11 @@
> +2017-09-25  Paul Eggert  <[email protected]>
> +
> +     parse-datetime, posixtm: avoid uninit access
> +     * lib/parse-datetime.y (parse_datetime2):
> +     * lib/posixtm.c (posixtime):
> +     Do not access uninitialized storage, even though the resulting
> +     value is never used.
> +
>  2017-09-25  Bruno Haible  <[email protected]>
>  
>       vma-iter: Improvements for BSD platforms.
> diff --git a/lib/parse-datetime.y b/lib/parse-datetime.y
> index 9eff2dc3b..f8da02d3f 100644
> --- a/lib/parse-datetime.y
> +++ b/lib/parse-datetime.y
> @@ -2034,7 +2034,13 @@ parse_datetime2 (struct timespec *result, char const 
> *p,
>        if (pc.local_zones_seen)
>          tm.tm_isdst = pc.local_isdst;
>  
> -      tm0 = tm;
> +      tm0.tm_sec = tm.tm_sec;
> +      tm0.tm_min = tm.tm_min;
> +      tm0.tm_hour = tm.tm_hour;
> +      tm0.tm_mday = tm.tm_mday;
> +      tm0.tm_mon = tm.tm_mon;
> +      tm0.tm_year = tm.tm_year;
> +      tm0.tm_isdst = tm.tm_isdst;
>  
>        Start = mktime_z (tz, &tm);
>  
> @@ -2064,7 +2070,13 @@ parse_datetime2 (struct timespec *result, char const 
> *p,
>                      dbg_printf (_("error: tzalloc (\"%s\") failed\n"), 
> tz2buf);
>                    goto fail;
>                  }
> -              tm = tm0;
> +              tm.tm_sec = tm0.tm_sec;
> +              tm.tm_min = tm0.tm_min;
> +              tm.tm_hour = tm0.tm_hour;
> +              tm.tm_mday = tm0.tm_mday;
> +              tm.tm_mon = tm0.tm_mon;
> +              tm.tm_year = tm0.tm_year;
> +              tm.tm_isdst = tm0.tm_isdst;
>                Start = mktime_z (tz2, &tm);
>                repaired = mktime_ok (tz2, &tm0, &tm, Start);
>                tzfree (tz2);
> diff --git a/lib/posixtm.c b/lib/posixtm.c
> index 26a35dd3f..030f704f0 100644
> --- a/lib/posixtm.c
> +++ b/lib/posixtm.c
> @@ -182,7 +182,12 @@ posixtime (time_t *p, const char *s, unsigned int 
> syntax_bits)
>    if (! posix_time_parse (&tm0, s, syntax_bits))
>      return false;
>  
> -  tm1 = tm0;
> +  tm1.tm_sec = tm0.tm_sec;
> +  tm1.tm_min = tm0.tm_min;
> +  tm1.tm_hour = tm0.tm_hour;
> +  tm1.tm_mday = tm0.tm_mday;
> +  tm1.tm_mon = tm0.tm_mon;
> +  tm1.tm_year = tm0.tm_year;
>    tm1.tm_isdst = -1;
>    t = mktime (&tm1);
>  
> 

This triggers the following warning with gcc-6.3

  lib/posixtm.c:214:20: error: '*((void *)&tm0+20)' may be used
  uninitialized in this function [-Werror=maybe-uninitialized]
     if ((tm0.tm_year ^ tm->tm_year)
         ~~~~~~~~~~~~~^~~~~~~~~~~~~~

It's not introducing any new issue I think, but
seems to be triggering the compiler warning due
to tm_year being explicitly set?

How about the attached to ensure tm_year is set?

cheers,
Pádraig

>From d1917dcdf83e4e754f2c5606a729faa6566e9939 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <[email protected]>
Date: Thu, 23 Nov 2017 17:01:04 -0800
Subject: [PATCH] posixtm: avoid maybe-uninitialized warnings

* lib/posixtm.c (year): Ensure that tm_year is initialized.
Since commit 619700e1, gcc-6.3 at least fails to compile with:
  lib/posixtm.c: In function 'posixtime':
  lib/posixtm.c:214:20: error: '*((void *)&tm0+20)' may be used
  uninitialized in this function [-Werror=maybe-uninitialized]
     if ((tm0.tm_year ^ tm->tm_year)
         ~~~~~~~~~~~~~^~~~~~~~~~~~~~
---
 ChangeLog     | 11 +++++++++++
 lib/posixtm.c |  7 ++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 700ee09..a24d7c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-11-23  Pádraig Brady  <[email protected]>
+
+	posixtm: avoid maybe-uninitialized warnings
+	* lib/posixtm.c (year): Ensure that tm_year is initialized.
+	Since commit 619700e1, gcc-6.3 at least fails to compile with:
+	  lib/posixtm.c: In function 'posixtime':
+	  lib/posixtm.c:214:20: error: '*((void *)&tm0+20)' may be used
+	  uninitialized in this function [-Werror=maybe-uninitialized]
+	     if ((tm0.tm_year ^ tm->tm_year)
+	         ~~~~~~~~~~~~~^~~~~~~~~~~~~~
+
 2017-11-23  Paul Eggert  <[email protected]>
 
 	stat: work around Solaris bug with tv_nsec < 0
diff --git a/lib/posixtm.c b/lib/posixtm.c
index 030f704..bc75487 100644
--- a/lib/posixtm.c
+++ b/lib/posixtm.c
@@ -22,6 +22,7 @@
 
 #include "posixtm.h"
 
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
@@ -96,7 +97,7 @@ year (struct tm *tm, const int *digit_pair, size_t n, unsigned int syntax_bits)
       break;
 
     default:
-      abort ();
+      assert (!"invalid year length");
     }
 
   return true;
@@ -110,6 +111,10 @@ posix_time_parse (struct tm *tm, const char *s, unsigned int syntax_bits)
   int *p;
   size_t i;
 
+  /* Ensure tm_year initialized  */
+  tm->tm_year = 0;  /* Avoid uninitialized warnings  */
+  assert (syntax_bits & PDS_LEADING_YEAR || syntax_bits & PDS_TRAILING_YEAR);
+
   size_t s_len = strlen (s);
   size_t len = s_len;
 
-- 
2.9.3

Reply via email to