URL:
  <https://savannah.gnu.org/bugs/?66079>

                 Summary: [troff] Uninitialized variable used within add_char function in roff/troff/input.cpp
                   Group: GNU roff
               Submitter: ljavorsk
               Submitted: Mon 12 Aug 2024 01:46:56 PM UTC
                Category: General
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Mon 12 Aug 2024 01:46:56 PM UTC By: Lukas Javorsky <ljavorsk>
Using uninitialized variable "s" could cause undefined behavior. It's safer to
initialize it to "0" to ensure it doesn't happen.

These defects were identified by SAST analyzers (combination of
coverity, snyk, cppcheck, gcc, clang, shellcheck, unicontrol), and from 98
findings these are a few that I believe are NOT false positives.

Error: UNINIT (CWE-457):
groff-1.23.0/src/roff/troff/input.cpp:7303: var_decl: Declaring variable "s" without initializer.
groff-1.23.0/src/roff/troff/input.cpp:7314: uninit_use_in_call: Using uninitialized value "s" when calling "add_char".
# 7312|     case TOKEN_ESCAPE:
# 7313|       if (escape_char != 0)
# 7314|->       *pp = (*pp)->add_char(charset_table[escape_char], curenv, &w, &s);
# 7315|       break;
# 7316|     case TOKEN_HYPHEN_INDICATOR:

Possible remedy:
Commits are in the attachments

Please let me know if you believe these are indeed false positives and why.
Thank you so much for your collaboration.






    _______________________________________________________
File Attachments:


-------------------------------------------------------
Name: 0001-Initialize-s-to-prevent-undefined-behavior.patch  Size: 686B
<https://file.savannah.gnu.org/file/0001-Initialize-s-to-prevent-undefined-behavior.patch?file_id=56346>
