Variables can be uninitialized causing undefined behavior.

Description

Variables can be uninitialized causing undefined behavior. I've seen this crash bro via a NOTICE call, and I think it is why the broker logging event issue() crashes inside the software framework.

See this example, which is a common mistake:

you'd expect this to trigger a reporter error of some sort, but instead it prints a random variable:

This program DOES work correctly:

Environment

None

Activity

Show:

Justin Azoff

January 26, 2017, 3:27 AM

Edited

Copy link to comment

Oh, and as a real world example, something like this was found to crash the manager on a cluster:

Vlad Grigorescu

January 28, 2017, 3:36 AM

Edited

Copy link to comment

This looks like the relevant function, in Expr.cc:

For Justin's code, there is a Frame pointer passed in, so the following gets evaluated.

I believe that offset is initialized to 0, but not actually set. NthElement just does:

So I think that somehow we need to check that the variable has actually been set.

Jon Siwek

February 7, 2017, 4:39 PM

Copy link to comment

topic/jsiwek/bit-1785 has a potential fix for this

The problem was that for functions w/ multiple bodies (i.e. events or hooks), the identifier offsets within the stack frame of a given body pointed to the values of whatever was in the last-executed body at that same offset.