From: Dan Nicolaescu <dann@ics.uci.edu>
To: emacs-devel@gnu.org
Subject: Re: Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT
Date: Mon, 8 Dec 2008 07:45:47 -0800 (PST) [thread overview]
Message-ID: <200812081545.mB8FjlG7017386@mothra.ics.uci.edu> (raw)
In-Reply-To: <200812030120.mB31KGI5022806@mothra.ics.uci.edu> (Dan Nicolaescu's message of "Tue, 02 Dec 2008 17:02:36 -0800")
Dan Nicolaescu <dann@ics.uci.edu> writes:
> CID: 125
> Checker: UNINIT (help)
> File: base/src/emacs/src/search.c
> Function: simple_search
> Description: Using uninitialized value "match_byte" in call to function
> "set_search_regs"
>
> 1428 static int
> 1429 simple_search (n, pat, len, len_byte, trt, pos, pos_byte, lim, lim_byte)
> 1430 int n;
> 1431 unsigned char *pat;
> 1432 int len, len_byte;
> 1433 Lisp_Object trt;
> 1434 int pos, pos_byte;
> 1435 int lim, lim_byte;
> 1436 {
>
> At conditional (1): "(current_buffer)->enable_multibyte_characters != Qnil" taking true path
>
> 1437 int multibyte = ! NILP (current_buffer->enable_multibyte_characters);
>
> At conditional (2): "n > 0" taking false path
>
> 1438 int forward = n > 0;
> 1439 /* Number of buffer bytes matched. Note that this may be different
> 1440 from len_byte in a multibyte buffer. */
>
> Event var_decl: Declared variable "match_byte" without initializer
> Also see events: [uninit_use_in_call]
>
> 1441 int match_byte;
> 1442
>
> At conditional (3): "lim > pos" taking false path
>
> 1443 if (lim > pos && multibyte)
> 1444 while (n > 0)
> 1445 {
> 1446 while (1)
> 1447 {
> 1448 /* Try matching at position POS. */
> 1449 int this_pos = pos;
> 1450 int this_pos_byte = pos_byte;
> 1451 int this_len = len;
> 1452 int this_len_byte = len_byte;
> 1453 unsigned char *p = pat;
> 1454 if (pos + len > lim || pos_byte + len_byte > lim_byte)
> 1455 goto stop;
> 1456
> 1457 while (this_len > 0)
> 1458 {
> 1459 int charlen, buf_charlen;
> 1460 int pat_ch, buf_ch;
> 1461
> 1462 pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
> 1463 buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
> 1464 ZV_BYTE - this_pos_byte,
> 1465 buf_charlen);
> 1466 TRANSLATE (buf_ch, trt, buf_ch);
> 1467
> 1468 if (buf_ch != pat_ch)
> 1469 break;
> 1470
> 1471 this_len_byte -= charlen;
> 1472 this_len--;
> 1473 p += charlen;
> 1474
> 1475 this_pos_byte += buf_charlen;
> 1476 this_pos++;
> 1477 }
> 1478
> 1479 if (this_len == 0)
> 1480 {
> 1481 match_byte = this_pos_byte - pos_byte;
> 1482 pos += len;
> 1483 pos_byte += match_byte;
> 1484 break;
> 1485 }
> 1486
> 1487 INC_BOTH (pos, pos_byte);
> 1488 }
> 1489
> 1490 n--;
> 1491 }
>
> At conditional (4): "lim > pos" taking false path
>
> 1492 else if (lim > pos)
> 1493 while (n > 0)
> 1494 {
> 1495 while (1)
> 1496 {
> 1497 /* Try matching at position POS. */
> 1498 int this_pos = pos;
> 1499 int this_len = len;
> 1500 unsigned char *p = pat;
> 1501
> 1502 if (pos + len > lim)
> 1503 goto stop;
> 1504
> 1505 while (this_len > 0)
> 1506 {
> 1507 int pat_ch = *p++;
> 1508 int buf_ch = FETCH_BYTE (this_pos);
> 1509 TRANSLATE (buf_ch, trt, buf_ch);
> 1510
> 1511 if (buf_ch != pat_ch)
> 1512 break;
> 1513
> 1514 this_len--;
> 1515 this_pos++;
> 1516 }
> 1517
> 1518 if (this_len == 0)
> 1519 {
> 1520 match_byte = len;
> 1521 pos += len;
> 1522 break;
> 1523 }
> 1524
> 1525 pos++;
> 1526 }
> 1527
> 1528 n--;
> 1529 }
> 1530 /* Backwards search. */
>
> At conditional (5): "lim < pos" taking false path
>
> 1531 else if (lim < pos && multibyte)
> 1532 while (n < 0)
> 1533 {
> 1534 while (1)
> 1535 {
> 1536 /* Try matching at position POS. */
> 1537 int this_pos = pos - len;
> 1538 int this_pos_byte;
> 1539 int this_len = len;
> 1540 int this_len_byte = len_byte;
> 1541 unsigned char *p = pat;
> 1542
> 1543 if (this_pos < lim || (pos_byte - len_byte) < lim_byte)
> 1544 goto stop;
> 1545 this_pos_byte = CHAR_TO_BYTE (this_pos);
> 1546 match_byte = pos_byte - this_pos_byte;
> 1547
> 1548 while (this_len > 0)
> 1549 {
> 1550 int charlen, buf_charlen;
> 1551 int pat_ch, buf_ch;
> 1552
> 1553 pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
> 1554 buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
> 1555 ZV_BYTE - this_pos_byte,
> 1556 buf_charlen);
> 1557 TRANSLATE (buf_ch, trt, buf_ch);
> 1558
> 1559 if (buf_ch != pat_ch)
> 1560 break;
> 1561
> 1562 this_len_byte -= charlen;
> 1563 this_len--;
> 1564 p += charlen;
> 1565 this_pos_byte += buf_charlen;
> 1566 this_pos++;
> 1567 }
> 1568
> 1569 if (this_len == 0)
> 1570 {
> 1571 pos -= len;
> 1572 pos_byte -= match_byte;
> 1573 break;
> 1574 }
> 1575
> 1576 DEC_BOTH (pos, pos_byte);
> 1577 }
> 1578
> 1579 n++;
> 1580 }
>
> At conditional (6): "lim < pos" taking false path
>
> 1581 else if (lim < pos)
> 1582 while (n < 0)
> 1583 {
> 1584 while (1)
> 1585 {
> 1586 /* Try matching at position POS. */
> 1587 int this_pos = pos - len;
> 1588 int this_len = len;
> 1589 unsigned char *p = pat;
> 1590
> 1591 if (this_pos < lim)
> 1592 goto stop;
> 1593
> 1594 while (this_len > 0)
> 1595 {
> 1596 int pat_ch = *p++;
> 1597 int buf_ch = FETCH_BYTE (this_pos);
> 1598 TRANSLATE (buf_ch, trt, buf_ch);
> 1599
> 1600 if (buf_ch != pat_ch)
> 1601 break;
> 1602 this_len--;
> 1603 this_pos++;
> 1604 }
> 1605
> 1606 if (this_len == 0)
> 1607 {
> 1608 match_byte = len;
> 1609 pos -= len;
> 1610 break;
> 1611 }
> 1612
> 1613 pos--;
> 1614 }
> 1615
> 1616 n++;
> 1617 }
> 1618
> 1619 stop:
>
> At conditional (7): "n == 0" taking true path
>
> 1620 if (n == 0)
> 1621 {
>
> At conditional (8): "forward != 0" taking false path
>
> 1622 if (forward)
> 1623 set_search_regs ((multibyte ? pos_byte : pos) - match_byte, match_byte);
> 1624 else
>
> Event uninit_use_in_call: Using uninitialized value "match_byte" in call to function "set_search_regs" [model]
> Also see events: [var_decl]
> At conditional (9): "multibyte != 0" taking true path
>
> 1625 set_search_regs (multibyte ? pos_byte : pos, match_byte);
> 1626
> 1627 return pos;
> 1628 }
> 1629 else if (n > 0)
> 1630 return -n;
> 1631 else
> 1632 return n;
> 1633 }
> 16
This report is the only one that has not been analyzed at all. Anyone?
prev parent reply other threads:[~2008-12-08 15:45 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-03 1:02 Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT Dan Nicolaescu
2008-12-08 15:45 ` Dan Nicolaescu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200812081545.mB8FjlG7017386@mothra.ics.uci.edu \
--to=dann@ics.uci.edu \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).