Hi

I see a valgrind error with Vim-7.3.237 on Linux
sometimes (not all the time) when I enter the Ex
command  :FufBuffer  (command from the fuzzy-finder
plugin: http://www.vim.org/scripts/script.php?script_id=1984):

==15342== Conditional jump or move depends on uninitialised value(s)
==15342==    at 0x8085221: f_readfile (eval.c:14321)
==15342==    by 0x807D828: call_func (eval.c:8380)
==15342==    by 0x807E6F1: f_call (eval.c:9098)
==15342==    by 0x807D828: call_func (eval.c:8380)
==15342==    by 0x807D36F: get_func_tv (eval.c:8193)
==15342==    by 0x8079860: eval7 (eval.c:5128)
==15342==    by 0x8079179: eval6 (eval.c:4780)
==15342==    by 0x8078D6F: eval5 (eval.c:4596)
==15342==    by 0x8078309: eval4 (eval.c:4289)
==15342==    by 0x8078177: eval3 (eval.c:4201)
==15342==    by 0x8078019: eval2 (eval.c:4130)
==15342==    by 0x8077E6A: eval1 (eval.c:4055)
==15342==    by 0x8077DD5: eval0 (eval.c:4012)
==15342==    by 0x8092619: ex_return (eval.c:22322)
==15342==    by 0x80A8A10: do_one_cmd (ex_docmd.c:2672)
==15342==    by 0x80A62E9: do_cmdline (ex_docmd.c:1123)
==15342==    by 0x8091F91: call_user_func (eval.c:22116)
==15342==    by 0x807D726: call_func (eval.c:8351)
==15342==    by 0x807D36F: get_func_tv (eval.c:8193)
==15342==    by 0x8079860: eval7 (eval.c:5128)
==15342==    by 0x8079179: eval6 (eval.c:4780)
==15342==    by 0x8078D6F: eval5 (eval.c:4596)
==15342==    by 0x8078309: eval4 (eval.c:4289)
==15342==    by 0x8078177: eval3 (eval.c:4201)
==15342==    by 0x8078019: eval2 (eval.c:4130)
==15342==    by 0x8077E6A: eval1 (eval.c:4055)
==15342==    by 0x8077DD5: eval0 (eval.c:4012)
==15342==    by 0x80745B4: ex_let (eval.c:1885)
==15342==    by 0x80A8A10: do_one_cmd (ex_docmd.c:2672)
==15342==    by 0x80A62E9: do_cmdline (ex_docmd.c:1123)
==15342==    by 0x8091F91: call_user_func (eval.c:22116)
==15342==    by 0x807D726: call_func (eval.c:8351)
==15342==    by 0x807D36F: get_func_tv (eval.c:8193)
==15342==    by 0x8079860: eval7 (eval.c:5128)
==15342==    by 0x8079179: eval6 (eval.c:4780)
==15342==    by 0x8078D6F: eval5 (eval.c:4596)
==15342==    by 0x8078309: eval4 (eval.c:4289)
==15342==    by 0x8078177: eval3 (eval.c:4201)
==15342==    by 0x8078019: eval2 (eval.c:4130)
==15342==    by 0x8077E6A: eval1 (eval.c:4055)
==15342==    by 0x8077DD5: eval0 (eval.c:4012)
==15342==    by 0x80745B4: ex_let (eval.c:1885)
==15342==    by 0x80A8A10: do_one_cmd (ex_docmd.c:2672)
==15342==    by 0x80A62E9: do_cmdline (ex_docmd.c:1123)
==15342==    by 0x8091F91: call_user_func (eval.c:22116)
==15342==    by 0x807D726: call_func (eval.c:8351)
==15342==    by 0x807D36F: get_func_tv (eval.c:8193)
==15342==    by 0x8076FBF: ex_call (eval.c:3435)
==15342==    by 0x80A8A10: do_one_cmd (ex_docmd.c:2672)
==15342==    by 0x80A62E9: do_cmdline (ex_docmd.c:1123)
==15342==    by 0x80AE381: do_ucmd (ex_docmd.c:6168)
==15342==    by 0x80A89E7: do_one_cmd (ex_docmd.c:2663)
==15342==    by 0x80A62E9: do_cmdline (ex_docmd.c:1123)
==15342==    by 0x8125075: nv_colon (normal.c:5352)
==15342==    by 0x811E685: normal_cmd (normal.c:1193)
==15342==    by 0x81E6A57: main_loop (main.c:1262)
==15342==    by 0x81E6480: main (main.c:964)
==15342==  Uninitialised value was created by a stack allocation
==15342==    at 0x8085046: f_readfile (eval.c:14274)

Code around eval.c:14321

 14314     while (cnt < maxline || maxline < 0)
 14315     {
 14316         readlen = (int)fread(buf + filtd, 1, FREAD_SIZE - filtd, fd);
 14317         buflen = filtd + readlen;
 14318         tolist = 0;
 14319         for ( ; filtd < buflen || readlen <= 0; ++filtd)
 14320         {
!14321             if (buf[filtd] == '\n' || readlen <= 0)
 14322             {

Adding a debug printf, I can see that when the error happens,
readlen is 0 and filtd is 0. So buf[0] is read uninitialized
since nothing was read into buf[].  I think that the error is
harmless in practice, but the attached patch fixes it.

Regards
-- Dominique

diff -r c45a38bd18a9 src/eval.c
--- a/src/eval.c	Sun Jun 26 19:40:23 2011 +0200
+++ b/src/eval.c	Sat Jul 02 19:13:26 2011 +0200
@@ -14318,7 +14318,7 @@
 	tolist = 0;
 	for ( ; filtd < buflen || readlen <= 0; ++filtd)
 	{
-	    if (buf[filtd] == '\n' || readlen <= 0)
+	    if (readlen <= 0 || buf[filtd] == '\n')
 	    {
 		/* In binary mode add an empty list item when the last
 		 * non-empty line ends in a '\n'. */
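Review bot: the reordered test `if (readlen <= 0 || buf[filtd] == '\n')` now relies on `||` short-circuiting to keep `buf[filtd]` from being read when nothing was read, and nothing in the hunk says so. A one-line comment above the `if` stating that `readlen` must be tested first would stop a later cleanup from swapping the operands back. The comment could also note that the loop condition on the line above, `filtd < buflen || readlen <= 0`, deliberately enters the body when `readlen <= 0`, which is why `buf[filtd]` can hold no data at this point.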

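A minimal reproduction of the loop shape from the report, as an added example (not Vim's code and not part of the original message). `count_lines`, `is_newline`, `peeks` and the `FREAD_SIZE` value are hypothetical names and values chosen here; the counter records how often a byte of `buf[]` is inspected, so the extra read at end of file under the original operand order is visible even without valgrind.

```c
#include <stdio.h>

#define FREAD_SIZE 200  /* constructed size; the page does not give Vim's value */

static int peeks;       /* number of times a byte of buf[] was inspected */

static int is_newline(const unsigned char *buf, int i)
{
    ++peeks;
    return buf[i] == '\n';
}

/* Count lines in fd with the loop shape quoted in the report.
 * patched == 0: original operand order; patched == 1: order from the patch.
 * buf must have room for FREAD_SIZE bytes; its contents are never assumed. */
static int count_lines(FILE *fd, unsigned char *buf, int patched)
{
    int filtd, readlen, lines = 0, partial = 0;

    peeks = 0;
    rewind(fd);         /* so both variants can be run on the same stream */
    for (;;)
    {
        readlen = (int)fread(buf, 1, FREAD_SIZE, fd);
        for (filtd = 0; filtd < readlen || readlen <= 0; ++filtd)
        {
            int eol = patched ? (readlen <= 0 || is_newline(buf, filtd))
                              : (is_newline(buf, filtd) || readlen <= 0);
            if (!eol) { partial = 1; continue; }    /* still inside a line */
            if (readlen > 0 || partial) ++lines;
            partial = 0;
            if (readlen <= 0) return lines;         /* nothing was read into buf[] */
        }
    }
}

int main(void)
{
    unsigned char buf[FREAD_SIZE];  /* uninitialised stack buffer, as in the report */
    FILE *fd = tmpfile();           /* constructed input: an empty file */
    int patched, n;

    for (patched = 0; fd != NULL && patched <= 1; ++patched)
    {
        n = count_lines(fd, buf, patched);
        printf("patched=%d: %d lines, %d bytes inspected\n", patched, n, peeks);
    }
    return fd == NULL;
}
```

Built without optimisation and run under valgrind, the `patched=0` pass over the empty file should produce a "Conditional jump or move depends on uninitialised value(s)" report like the one above, while the `patched=1` pass inspects no byte at all.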