From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Paul Eggert <eggert@cs.ucla.edu>
Newsgroups: gmane.emacs.bugs
Subject: bug#8215: possibly uninitialized variable lower_xoff in
	produce_glyphless_glyph
Date: Wed, 09 Mar 2011 14:00:12 -0800
Organization: UCLA Computer Science Department
Message-ID: <4D77F86C.9080809@cs.ucla.edu>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: dough.gmane.org 1299708435 9833 80.91.229.12 (9 Mar 2011 22:07:15 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Wed, 9 Mar 2011 22:07:15 +0000 (UTC)
To: 8215@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Mar 09 23:07:11 2011
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1PxRXC-0008I4-4M
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 09 Mar 2011 23:07:10 +0100
Original-Received: from localhost ([127.0.0.1]:38037 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1PxRXB-0007NZ-HJ
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 09 Mar 2011 17:07:09 -0500
Original-Received: from [140.186.70.92] (port=51654 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PxRX1-0007LT-8R
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:07:00 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1PxRWz-00026Y-V1
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:06:59 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:46983)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1PxRWz-00026U-S3
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:06:57 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1PxRRF-0000uk-Oo; Wed, 09 Mar 2011 17:01:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-To: owner@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 09 Mar 2011 22:01:01 +0000
Resent-Message-ID: <handler.8215.B.12997080263473@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 8215
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.12997080263473
	(code B ref -1); Wed, 09 Mar 2011 22:01:01 +0000
Original-Received: (at submit) by debbugs.gnu.org; 9 Mar 2011 22:00:26 +0000
Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1PxRQg-0000tx-4L
	for submit@debbugs.gnu.org; Wed, 09 Mar 2011 17:00:26 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eggert@cs.ucla.edu>) id 1PxRQe-0000tl-1A
	for submit@debbugs.gnu.org; Wed, 09 Mar 2011 17:00:25 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eggert@cs.ucla.edu>) id 1PxRQY-0000db-1e
	for submit@debbugs.gnu.org; Wed, 09 Mar 2011 17:00:18 -0500
Original-Received: from lists.gnu.org ([199.232.76.165]:37091)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eggert@cs.ucla.edu>) id 1PxRQX-0000dX-Vf
	for submit@debbugs.gnu.org; Wed, 09 Mar 2011 17:00:17 -0500
Original-Received: from [140.186.70.92] (port=46758 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PxRQW-0004lK-NG
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:00:17 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eggert@cs.ucla.edu>) id 1PxRQV-0000cz-Ot
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:00:16 -0500
Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:58136)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eggert@cs.ucla.edu>) id 1PxRQV-0000cl-97
	for bug-gnu-emacs@gnu.org; Wed, 09 Mar 2011 17:00:15 -0500
Original-Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp.cs.ucla.edu (Postfix) with ESMTP id E4FB939E80DB;
	Wed,  9 Mar 2011 14:00:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Original-Received: from smtp.cs.ucla.edu ([127.0.0.1])
	by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 96wJD0QTXzPK; Wed,  9 Mar 2011 14:00:13 -0800 (PST)
Original-Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200])
	by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 29EDF39E80F8;
	Wed,  9 Mar 2011 14:00:13 -0800 (PST)
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14
	Thunderbird/3.1.7
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
Resent-Date: Wed, 09 Mar 2011 17:01:01 -0500
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:44825
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/44825>

I found this problem by compiling Emacs with GCC's -Wuninitialized flag.

The following code in the Emacs trunk src/xdisp.c's
produce_glyphless_glyph function might be using an uninitialized
variable:

       if (base_width >= width)
	{
	  /* Align the upper to the left, the lower to the right.  */
	  it->pixel_width = base_width;
	  lower_xoff = base_width - 2 - metrics_lower.width;
	}
       else
	{
	  /* Center the shorter one.  */
	  it->pixel_width = width;
	  if (metrics_upper.width >= metrics_lower.width)
	    lower_xoff = (width - metrics_lower.width) / 2;
	  else
	    upper_xoff = (width - metrics_upper.width) / 2;
	}
   ...
   if (it->glyph_row)
     append_glyphless_glyph (it, face_id, for_no_font, len,
			    upper_xoff, upper_yoff,
			    lower_xoff, lower_yoff);

The last call uses lower_xoff, but the last "else" does not initialize
lower_xoff.  The bug cannot occur if it->glyph_row is NULL, but I
don't see why that would necessarily be.  So I'm filing a bug report
so that someone who is more expert in this code can take a look at it.
In the meantime, I plan to work around the problem by initializing
lower_xoff to 0, with a FIXME explaining the situation: this shouldn't
introduce a bug, because at worst it will replace undefined behavior
with defined behavior.

I'm CC'ing this to Kenichi Handa, who committed the code in question.