Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Two issues found with -fsanitize=undefined



On Sat, 19 Sep 2015 22:18:14 +0200
Markus Trippelsdorf <markus@xxxxxxxxxxxxxxx> wrote:
> ./D02glob.ztst: starting.
> exec.c:2240:6: runtime error: index 8 out of bounds for type 'int [8]'
> exec.c:2048:10: runtime error: index 8 out of bounds for type 'int [8]'
> exec.c:2122:7: runtime error: index 8 out of bounds for type 'int [8]'
MULTIOUNIT is 8. struct multio is defined as

struct multio {
    int ct;		/* # of redirections on this fd                 */
    int rflag;		/* 0 if open for reading, 1 if open for writing */
    int pipe;		/* fd of pipe if ct > 1                         */
    int fds[MULTIOUNIT]; /* list of src/dests redirected to/from this fd */
};

so something is probably up here when ct is 8 and the structure needs
reallocating.

	if (mfds[fd1]->ct == 1) {	/* split the stream */
	    /* ... */
	} else {		/* add another fd to an already split stream */
	    int fdN;
	    if(!(mfds[fd1]->ct % MULTIOUNIT)) {
		int new = sizeof(struct multio) + sizeof(int) * mfds[fd1]->ct;
		int old = new - sizeof(int) * MULTIOUNIT;
		mfds[fd1] = hrealloc((char *)mfds[fd1], old, new);
	    }
	    if ((fdN = movefd(fd2)) < 0) {
		zerr("multio failed for fd %d: %e", fd2, errno);
		closemnodes(mfds);
		return;
	    }
	    mfds[fd1]->fds[mfds[fd1]->ct++] = fdN;
	}

However, it looks right.  You end up with MULTIOUNIT + ct fd's
available, which is what you want: ct goes from 8 to 9 with index 8
being used out of 0 to 15 allocated.  The zerr() before the return means
it doesn't matter if we don't actually increment ct as the structure is
never used (memory is on the heap).

It may be the compiler isn't actually looking at the memory allocated,
only the definition of the structure.  Certainly valgrind has never
complained here and this is something it should pick up.

pws
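The growth pattern under discussion, as an added example that is not part of this thread or of zsh's own code: a toy `struct multio` with the same fixed `fds[MULTIOUNIT]` layout, grown by the same "every multiple of MULTIOUNIT, realloc to sizeof(struct) + ct ints" rule as the exec.c snippet, next to an alternative layout using a C99 flexible array member. The fixed-array version is the one -fsanitize=undefined reports on: the bytes past `fds[7]` exist on the heap, but the index exceeds the array's declared bound, which is what the sanitizer checks. With a flexible array member there is no declared bound, so the same access is in bounds of the allocated object and the sanitizer stays quiet. `realloc` stands in for zsh's `hrealloc`, the `multio_fam` layout and the `demo_*` helpers are assumptions for illustration, and the fd numbers are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>

#define MULTIOUNIT 8

/* Layout as quoted from zsh's exec.c: a fixed array of MULTIOUNIT fds that
 * the code later extends by allocating extra ints past the end. */
struct multio {
    int ct;
    int rflag;
    int pipe;
    int fds[MULTIOUNIT];
};

/* Alternative layout (assumption, not zsh code): a C99 flexible array
 * member has no declared bound, so fds[ct] with ct >= MULTIOUNIT is an
 * in-bounds access as long as the allocation is large enough. */
struct multio_fam {
    int ct;
    int rflag;
    int pipe;
    int fds[];
};

/* Bytes needed for a multio holding ct fds once ct has reached a multiple
 * of MULTIOUNIT: the same 'new' value the exec.c snippet computes. */
size_t multio_bytes_for(int ct)
{
    return sizeof(struct multio) + sizeof(int) * (size_t)ct;
}

/* Grow-then-append, mirroring the else branch of the quoted code.
 * realloc stands in for zsh's hrealloc (assumption). */
struct multio *multio_add(struct multio *m, int fd)
{
    if (m->ct > 0 && !(m->ct % MULTIOUNIT)) {
        m = realloc(m, multio_bytes_for(m->ct));
        if (!m)
            abort();
    }
    /* When ct == 8 this is the "index 8 out of bounds for type 'int [8]'"
     * access: the memory exists, but the index exceeds the declared bound. */
    m->fds[m->ct++] = fd;
    return m;
}

/* Same growth rule on the flexible-array layout; no declared bound, so
 * the sanitizer has nothing to report for fds[8] and beyond. */
struct multio_fam *multio_fam_add(struct multio_fam *m, int fd)
{
    if (m->ct > 0 && !(m->ct % MULTIOUNIT)) {
        size_t new_size = sizeof(struct multio_fam)
                        + sizeof(int) * (size_t)(m->ct + MULTIOUNIT);
        m = realloc(m, new_size);
        if (!m)
            abort();
    }
    m->fds[m->ct++] = fd;
    return m;
}

/* Append n constructed fd numbers (1000 + i) to a fresh fixed-array multio,
 * check they all read back, free it, and return the final ct (-1 on mismatch). */
int demo_fixed(int n)
{
    struct multio *m = calloc(1, sizeof *m);
    if (!m)
        abort();
    for (int i = 0; i < n; i++)
        m = multio_add(m, 1000 + i);
    int ct = m->ct;
    for (int i = 0; i < ct; i++)
        if (m->fds[i] != 1000 + i)
            ct = -1;
    free(m);
    return ct;
}

/* Same check on the flexible-array layout, which starts with room for
 * MULTIOUNIT fds just like the fixed struct does. */
int demo_fam(int n)
{
    struct multio_fam *m = calloc(1, sizeof *m + sizeof(int) * MULTIOUNIT);
    if (!m)
        abort();
    for (int i = 0; i < n; i++)
        m = multio_fam_add(m, 1000 + i);
    int ct = m->ct;
    for (int i = 0; i < ct; i++)
        if (m->fds[i] != 1000 + i)
            ct = -1;
    free(m);
    return ct;
}

int main(void)
{
    /* Build with: cc -std=c99 -fsanitize=undefined multio.c
     * demo_fixed(9) is where the sanitizer prints its bounds report;
     * demo_fam(9) runs the same logic without one. */
    printf("fixed array, 8 fds:     ct=%d\n", demo_fixed(8));
    printf("flexible array, 9 fds:  ct=%d\n", demo_fam(9));
    printf("flexible array, 17 fds: ct=%d\n", demo_fam(17));
    return 0;
}
```

Both layouts end up with the same number of bytes and the same values at the same offsets; the difference is only in what the compiler is told about the array's bound, which is the check -fsanitize=undefined instruments and valgrind, which tracks allocated memory rather than declared types, does not.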


