* Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT
@ 2008-12-03  1:02 Dan Nicolaescu
  2008-12-08 15:45 ` Dan Nicolaescu
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Nicolaescu @ 2008-12-03  1:02 UTC (permalink / raw)
  To: emacs-devel

CID: 125
Checker: UNINIT (help)
File: base/src/emacs/src/search.c
Function: simple_search
Description: Using uninitialized value "match_byte" in call to function
"set_search_regs"

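/* Search the current buffer for the N'th occurrence of PAT by comparing
   characters one at a time.

   N > 0 searches forward and N < 0 searches backward; its magnitude is
   the number of occurrences wanted.  PAT holds LEN characters in
   LEN_BYTE bytes.  Each buffer character is passed through TRANSLATE
   with TRT before it is compared with the pattern character.  POS and
   POS_BYTE give the starting position, LIM and LIM_BYTE the bound the
   search may not cross.

   If every requested occurrence is found, the last match is recorded
   with set_search_regs and the resulting position is returned.
   Otherwise the return value is negative and its magnitude is the
   number of occurrences still outstanding.

   Coverity CID 125 (UNINIT) traced this path: "n > 0" false, all four
   "lim > pos" / "lim < pos" tests false, "n == 0" true, "forward"
   false.  That is a call with N == 0: no loop runs, so MATCH_BYTE was
   never assigned before it reached set_search_regs.  On every path
   with N != 0 that arrives at "n == 0", the last iteration assigned
   MATCH_BYTE.  Whether any caller can pass N == 0 is not visible here,
   so MATCH_BYTE now starts at 0 and that path records an empty match
   at POS instead of an indeterminate stack value.  */

static int
simple_search (n, pat, len, len_byte, trt, pos, pos_byte, lim, lim_byte)
     int n;
     unsigned char *pat;
     int len, len_byte;
     Lisp_Object trt;
     int pos, pos_byte;
     int lim, lim_byte;
{
  int multibyte = ! NILP (current_buffer->enable_multibyte_characters);
  int forward = n > 0;
  /* Number of buffer bytes matched.  Note that this may be different
     from len_byte in a multibyte buffer.  Initialized so that a call
     which runs none of the loops below (N == 0) does not hand an
     indeterminate length to set_search_regs.  */
  int match_byte = 0;

  if (lim > pos && multibyte)
    while (n > 0)
      {
        while (1)
          {
            /* Try matching at position POS.  */
            int this_pos = pos;
            int this_pos_byte = pos_byte;
            int this_len = len;
            int this_len_byte = len_byte;
            unsigned char *p = pat;

            /* The pattern no longer fits before the bound: give up
               with N still positive.  */
            if (pos + len > lim || pos_byte + len_byte > lim_byte)
              goto stop;

            while (this_len > 0)
              {
                int charlen, buf_charlen;
                int pat_ch, buf_ch;

                pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
                buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
                                                 ZV_BYTE - this_pos_byte,
                                                 buf_charlen);
                TRANSLATE (buf_ch, trt, buf_ch);

                if (buf_ch != pat_ch)
                  break;

                this_len_byte -= charlen;
                this_len--;
                p += charlen;

                this_pos_byte += buf_charlen;
                this_pos++;
              }

            if (this_len == 0)
              {
                /* Whole pattern matched; the byte length comes from the
                   buffer side, not from LEN_BYTE.  */
                match_byte = this_pos_byte - pos_byte;
                pos += len;
                pos_byte += match_byte;
                break;
              }

            INC_BOTH (pos, pos_byte);
          }

        n--;
      }
  else if (lim > pos)
    while (n > 0)
      {
        while (1)
          {
            /* Try matching at position POS.  */
            int this_pos = pos;
            int this_len = len;
            unsigned char *p = pat;

            if (pos + len > lim)
              goto stop;

            while (this_len > 0)
              {
                int pat_ch = *p++;
                int buf_ch = FETCH_BYTE (this_pos);
                TRANSLATE (buf_ch, trt, buf_ch);

                if (buf_ch != pat_ch)
                  break;

                this_len--;
                this_pos++;
              }

            if (this_len == 0)
              {
                match_byte = len;
                pos += len;
                break;
              }

            pos++;
          }

        n--;
      }
  /* Backwards search.  */
  else if (lim < pos && multibyte)
    while (n < 0)
      {
        while (1)
          {
            /* Try matching at position POS.  */
            int this_pos = pos - len;
            int this_pos_byte;
            int this_len = len;
            int this_len_byte = len_byte;
            unsigned char *p = pat;

            if (this_pos < lim || (pos_byte - len_byte) < lim_byte)
              goto stop;
            this_pos_byte = CHAR_TO_BYTE (this_pos);
            /* Byte length of the candidate region, taken before the
               comparison advances THIS_POS_BYTE.  */
            match_byte = pos_byte - this_pos_byte;

            while (this_len > 0)
              {
                int charlen, buf_charlen;
                int pat_ch, buf_ch;

                pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
                buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
                                                 ZV_BYTE - this_pos_byte,
                                                 buf_charlen);
                TRANSLATE (buf_ch, trt, buf_ch);

                if (buf_ch != pat_ch)
                  break;

                this_len_byte -= charlen;
                this_len--;
                p += charlen;
                this_pos_byte += buf_charlen;
                this_pos++;
              }

            if (this_len == 0)
              {
                pos -= len;
                pos_byte -= match_byte;
                break;
              }

            DEC_BOTH (pos, pos_byte);
          }

        n++;
      }
  else if (lim < pos)
    while (n < 0)
      {
        while (1)
          {
            /* Try matching at position POS.  */
            int this_pos = pos - len;
            int this_len = len;
            unsigned char *p = pat;

            if (this_pos < lim)
              goto stop;

            while (this_len > 0)
              {
                int pat_ch = *p++;
                int buf_ch = FETCH_BYTE (this_pos);
                TRANSLATE (buf_ch, trt, buf_ch);

                if (buf_ch != pat_ch)
                  break;
                this_len--;
                this_pos++;
              }

            if (this_len == 0)
              {
                match_byte = len;
                pos -= len;
                break;
              }

            pos--;
          }

        n++;
      }

 stop:
  if (n == 0)
    {
      /* After a forward search POS is at the end of the match, so step
         back MATCH_BYTE to get its start; after a backward search POS
         is already at the start.  This is where CID 125 reported the
         uninitialized use (the non-forward call).  */
      if (forward)
        set_search_regs ((multibyte ? pos_byte : pos) - match_byte, match_byte);
      else
        set_search_regs (multibyte ? pos_byte : pos, match_byte);

      return pos;
    }
  else if (n > 0)
    return -n;
  else
    return n;
}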
16





* Re: Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT
  2008-12-03  1:02 Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT Dan Nicolaescu
@ 2008-12-08 15:45 ` Dan Nicolaescu
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Nicolaescu @ 2008-12-08 15:45 UTC (permalink / raw)
  To: emacs-devel

Dan Nicolaescu <dann@ics.uci.edu> writes:

  > CID: 125
  > Checker: UNINIT (help)
  > File: base/src/emacs/src/search.c
  > Function: simple_search
  > Description: Using uninitialized value "match_byte" in call to function
  > "set_search_regs"
  > 
  > 1428 	static int
  > 1429 	simple_search (n, pat, len, len_byte, trt, pos, pos_byte, lim, lim_byte)
  > 1430 	     int n;
  > 1431 	     unsigned char *pat;
  > 1432 	     int len, len_byte;
  > 1433 	     Lisp_Object trt;
  > 1434 	     int pos, pos_byte;
  > 1435 	     int lim, lim_byte;
  > 1436 	{
  > 
  > At conditional (1): "(current_buffer)->enable_multibyte_characters != Qnil" taking true path
  > 
  > 1437 	  int multibyte = ! NILP (current_buffer->enable_multibyte_characters);
  > 
  > At conditional (2): "n > 0" taking false path
  > 
  > 1438 	  int forward = n > 0;
  > 1439 	  /* Number of buffer bytes matched.  Note that this may be different
  > 1440 	     from len_byte in a multibyte buffer.  */
  > 
  > Event var_decl: Declared variable "match_byte" without initializer
  > Also see events: [uninit_use_in_call]
  > 
  > 1441 	  int match_byte;
  > 1442 	
  > 
  > At conditional (3): "lim > pos" taking false path
  > 
  > 1443 	  if (lim > pos && multibyte)
  > 1444 	    while (n > 0)
  > 1445 	      {
  > 1446 		while (1)
  > 1447 		  {
  > 1448 		    /* Try matching at position POS.  */
  > 1449 		    int this_pos = pos;
  > 1450 		    int this_pos_byte = pos_byte;
  > 1451 		    int this_len = len;
  > 1452 		    int this_len_byte = len_byte;
  > 1453 		    unsigned char *p = pat;
  > 1454 		    if (pos + len > lim || pos_byte + len_byte > lim_byte)
  > 1455 		      goto stop;
  > 1456 	
  > 1457 		    while (this_len > 0)
  > 1458 		      {
  > 1459 			int charlen, buf_charlen;
  > 1460 			int pat_ch, buf_ch;
  > 1461 	
  > 1462 			pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
  > 1463 			buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
  > 1464 							 ZV_BYTE - this_pos_byte,
  > 1465 							 buf_charlen);
  > 1466 			TRANSLATE (buf_ch, trt, buf_ch);
  > 1467 	
  > 1468 			if (buf_ch != pat_ch)
  > 1469 			  break;
  > 1470 	
  > 1471 			this_len_byte -= charlen;
  > 1472 			this_len--;
  > 1473 			p += charlen;
  > 1474 	
  > 1475 			this_pos_byte += buf_charlen;
  > 1476 			this_pos++;
  > 1477 		      }
  > 1478 	
  > 1479 		    if (this_len == 0)
  > 1480 		      {
  > 1481 			match_byte = this_pos_byte - pos_byte;
  > 1482 			pos += len;
  > 1483 			pos_byte += match_byte;
  > 1484 			break;
  > 1485 		      }
  > 1486 	
  > 1487 		    INC_BOTH (pos, pos_byte);
  > 1488 		  }
  > 1489 	
  > 1490 		n--;
  > 1491 	      }
  > 
  > At conditional (4): "lim > pos" taking false path
  > 
  > 1492 	  else if (lim > pos)
  > 1493 	    while (n > 0)
  > 1494 	      {
  > 1495 		while (1)
  > 1496 		  {
  > 1497 		    /* Try matching at position POS.  */
  > 1498 		    int this_pos = pos;
  > 1499 		    int this_len = len;
  > 1500 		    unsigned char *p = pat;
  > 1501 	
  > 1502 		    if (pos + len > lim)
  > 1503 		      goto stop;
  > 1504 	
  > 1505 		    while (this_len > 0)
  > 1506 		      {
  > 1507 			int pat_ch = *p++;
  > 1508 			int buf_ch = FETCH_BYTE (this_pos);
  > 1509 			TRANSLATE (buf_ch, trt, buf_ch);
  > 1510 	
  > 1511 			if (buf_ch != pat_ch)
  > 1512 			  break;
  > 1513 	
  > 1514 			this_len--;
  > 1515 			this_pos++;
  > 1516 		      }
  > 1517 	
  > 1518 		    if (this_len == 0)
  > 1519 		      {
  > 1520 			match_byte = len;
  > 1521 			pos += len;
  > 1522 			break;
  > 1523 		      }
  > 1524 	
  > 1525 		    pos++;
  > 1526 		  }
  > 1527 	
  > 1528 		n--;
  > 1529 	      }
  > 1530 	  /* Backwards search.  */
  > 
  > At conditional (5): "lim < pos" taking false path
  > 
  > 1531 	  else if (lim < pos && multibyte)
  > 1532 	    while (n < 0)
  > 1533 	      {
  > 1534 		while (1)
  > 1535 		  {
  > 1536 		    /* Try matching at position POS.  */
  > 1537 		    int this_pos = pos - len;
  > 1538 		    int this_pos_byte;
  > 1539 		    int this_len = len;
  > 1540 		    int this_len_byte = len_byte;
  > 1541 		    unsigned char *p = pat;
  > 1542 	
  > 1543 		    if (this_pos < lim || (pos_byte - len_byte) < lim_byte)
  > 1544 		      goto stop;
  > 1545 		    this_pos_byte = CHAR_TO_BYTE (this_pos);
  > 1546 		    match_byte = pos_byte - this_pos_byte;
  > 1547 	
  > 1548 		    while (this_len > 0)
  > 1549 		      {
  > 1550 			int charlen, buf_charlen;
  > 1551 			int pat_ch, buf_ch;
  > 1552 	
  > 1553 			pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen);
  > 1554 			buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte),
  > 1555 							 ZV_BYTE - this_pos_byte,
  > 1556 							 buf_charlen);
  > 1557 			TRANSLATE (buf_ch, trt, buf_ch);
  > 1558 	
  > 1559 			if (buf_ch != pat_ch)
  > 1560 			  break;
  > 1561 	
  > 1562 			this_len_byte -= charlen;
  > 1563 			this_len--;
  > 1564 			p += charlen;
  > 1565 			this_pos_byte += buf_charlen;
  > 1566 			this_pos++;
  > 1567 		      }
  > 1568 	
  > 1569 		    if (this_len == 0)
  > 1570 		      {
  > 1571 			pos -= len;
  > 1572 			pos_byte -= match_byte;
  > 1573 			break;
  > 1574 		      }
  > 1575 	
  > 1576 		    DEC_BOTH (pos, pos_byte);
  > 1577 		  }
  > 1578 	
  > 1579 		n++;
  > 1580 	      }
  > 
  > At conditional (6): "lim < pos" taking false path
  > 
  > 1581 	  else if (lim < pos)
  > 1582 	    while (n < 0)
  > 1583 	      {
  > 1584 		while (1)
  > 1585 		  {
  > 1586 		    /* Try matching at position POS.  */
  > 1587 		    int this_pos = pos - len;
  > 1588 		    int this_len = len;
  > 1589 		    unsigned char *p = pat;
  > 1590 	
  > 1591 		    if (this_pos < lim)
  > 1592 		      goto stop;
  > 1593 	
  > 1594 		    while (this_len > 0)
  > 1595 		      {
  > 1596 			int pat_ch = *p++;
  > 1597 			int buf_ch = FETCH_BYTE (this_pos);
  > 1598 			TRANSLATE (buf_ch, trt, buf_ch);
  > 1599 	
  > 1600 			if (buf_ch != pat_ch)
  > 1601 			  break;
  > 1602 			this_len--;
  > 1603 			this_pos++;
  > 1604 		      }
  > 1605 	
  > 1606 		    if (this_len == 0)
  > 1607 		      {
  > 1608 			match_byte = len;
  > 1609 			pos -= len;
  > 1610 			break;
  > 1611 		      }
  > 1612 	
  > 1613 		    pos--;
  > 1614 		  }
  > 1615 	
  > 1616 		n++;
  > 1617 	      }
  > 1618 	
  > 1619 	 stop:
  > 
  > At conditional (7): "n == 0" taking true path
  > 
  > 1620 	  if (n == 0)
  > 1621 	    {
  > 
  > At conditional (8): "forward != 0" taking false path
  > 
  > 1622 	      if (forward)
  > 1623 		set_search_regs ((multibyte ? pos_byte : pos) - match_byte, match_byte);
  > 1624 	      else
  > 
  > Event uninit_use_in_call: Using uninitialized value "match_byte" in call to function "set_search_regs" [model]
  > Also see events: [var_decl]
  > At conditional (9): "multibyte != 0" taking true path
  > 
  > 1625 		set_search_regs (multibyte ? pos_byte : pos, match_byte);
  > 1626 	
  > 1627 	      return pos;
  > 1628 	    }
  > 1629 	  else if (n > 0)
  > 1630 	    return -n;
  > 1631 	  else
  > 1632 	    return n;
  > 1633 	}
  > 16


This report is the only one that has not been analyzed at all.  Anyone?



