[Bug 37132] New: Clang Static Analyzer: Uninitialized array item

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Aug 16 13:40:46 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=37132

            Bug ID: 37132
           Summary: Clang Static Analyzer:  Uninitialized array item
           Product: Wine
           Version: 1.7.22
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs at winehq.org
          Reporter: lukebenes at hotmail.com

Clang Static Analyzer identifies Uninitialized array item

File: dlls/avifil32/api.c

Location: line 1753, column 10

Description: Assigned value is garbage or undefined

#define MAX_AVISTREAMS 8
...
HRESULT WINAPI AVISaveVW(....int nStreams ....)
{
  ...
  //Declaring 8-item array, [0..7]
  PAVISTREAM     pInStreams[MAX_AVISTREAMS];
  ...
  if (nStreams >= MAX_AVISTREAMS) {
    WARN(...);
    return AVIERR_INTERNAL;
  }
  ...
  //Initializing first 7 items, [0..6].
  for (curStream = 0; curStream < nStreams; curStream++) {
    pInStreams[curStream]  = NULL;
    pOutStreams[curStream] = NULL;
  }
  ...
  for (curStream = 0; curStream < nStreams; curStream++) {
  ...
  if (curStream + 1 >= nStreams) {
    /* move the others one up */
    PAVISTREAM *ppas = &pInStreams[curStream];
    int            n = nStreams - (curStream + 1);

    do {
      *ppas = pInStreams[curStream + 1];
      //Clang: Assigned value is garbage or undefined
    } while (--n);
  }
  ...
  }
...
}

In this code, an array of 8 items is declared. The code will continue executing
as long as the nStreams variable is less than 8, i.e. 7 at most. All the loops
in this function with the conditional statement (curStream < nStreams) fail to
iterate through the last item, both before its initialization and when using
it. The line Clang displayed the message on is just that very line where the
eighth item with the index 7 is taken, as the (curStream + 1 >= nStreams)
condition will be true at curStream==6 and nStreams==7. Addressing the
pInStreams[curStream + 1] array will give us the last, previously uninitialized
item.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list