From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Dan Nicolaescu Newsgroups: gmane.emacs.devel Subject: Re: Problem report #125: base/src/emacs/src/search.c (simple_search); UNINIT Date: Mon, 8 Dec 2008 07:45:47 -0800 (PST) Message-ID: <200812081545.mB8FjlG7017386@mothra.ics.uci.edu> References: <200812030120.mB31KGI5022806@mothra.ics.uci.edu> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1228751175 29287 80.91.229.12 (8 Dec 2008 15:46:15 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 8 Dec 2008 15:46:15 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Dec 08 16:47:19 2008 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1L9iKJ-0005dg-Eq for ged-emacs-devel@m.gmane.org; Mon, 08 Dec 2008 16:47:15 +0100 Original-Received: from localhost ([127.0.0.1]:57906 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1L9iJ8-0000dp-B8 for ged-emacs-devel@m.gmane.org; Mon, 08 Dec 2008 10:46:02 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1L9iJ2-0000be-85 for emacs-devel@gnu.org; Mon, 08 Dec 2008 10:45:56 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1L9iJ1-0000az-Pr for emacs-devel@gnu.org; Mon, 08 Dec 2008 10:45:55 -0500 Original-Received: from [199.232.76.173] (port=33405 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1L9iJ1-0000at-9F for emacs-devel@gnu.org; Mon, 08 Dec 2008 10:45:55 -0500 Original-Received: from barrelv2.ics.uci.edu ([128.195.1.114]:34241) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA1:24) (Exim 4.60) (envelope-from ) id 1L9iJ0-0002cg-Nn for emacs-devel@gnu.org; Mon, 08 Dec 2008 10:45:55 -0500 Original-Received: from mothra.ics.uci.edu (mothra.ics.uci.edu [128.195.6.93]) by barrelv2.ics.uci.edu (8.13.7+Sun/8.13.7) with ESMTP id mB8FjlmB008864 for ; Mon, 8 Dec 2008 07:45:47 -0800 (PST) Original-Received: (from dann@localhost) by mothra.ics.uci.edu (8.13.8+Sun/8.13.6/Submit) id mB8FjlG7017386; Mon, 8 Dec 2008 07:45:47 -0800 (PST) In-Reply-To: <200812030120.mB31KGI5022806@mothra.ics.uci.edu> (Dan Nicolaescu's message of "Tue, 02 Dec 2008 17:02:36 -0800") Original-Lines: 252 X-ICS-MailScanner-Information: Please contact the ISP for more information X-ICS-MailScanner-ID: mB8FjlmB008864 X-ICS-MailScanner: Found to be clean X-ICS-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.44, required 5, autolearn=disabled, ALL_TRUSTED -1.44) X-ICS-MailScanner-From: dann@mothra.ics.uci.edu X-detected-operating-system: by monty-python.gnu.org: Solaris 10 (beta) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:106678 Archived-At: Dan Nicolaescu writes: > CID: 125 > Checker: UNINIT (help) > File: base/src/emacs/src/search.c > Function: simple_search > Description: Using uninitialized value "match_byte" in call to function > "set_search_regs" > > 1428 static int > 1429 simple_search (n, pat, len, len_byte, trt, pos, pos_byte, lim, lim_byte) > 1430 int n; > 1431 unsigned char *pat; > 1432 int len, len_byte; > 1433 Lisp_Object trt; > 1434 int pos, pos_byte; > 1435 int lim, lim_byte; > 1436 { > > At conditional (1): "(current_buffer)->enable_multibyte_characters != Qnil" taking true path > > 1437 int multibyte = ! NILP (current_buffer->enable_multibyte_characters); > > At conditional (2): "n > 0" taking false path > > 1438 int forward = n > 0; > 1439 /* Number of buffer bytes matched. Note that this may be different > 1440 from len_byte in a multibyte buffer. */ > > Event var_decl: Declared variable "match_byte" without initializer > Also see events: [uninit_use_in_call] > > 1441 int match_byte; > 1442 > > At conditional (3): "lim > pos" taking false path > > 1443 if (lim > pos && multibyte) > 1444 while (n > 0) > 1445 { > 1446 while (1) > 1447 { > 1448 /* Try matching at position POS. */ > 1449 int this_pos = pos; > 1450 int this_pos_byte = pos_byte; > 1451 int this_len = len; > 1452 int this_len_byte = len_byte; > 1453 unsigned char *p = pat; > 1454 if (pos + len > lim || pos_byte + len_byte > lim_byte) > 1455 goto stop; > 1456 > 1457 while (this_len > 0) > 1458 { > 1459 int charlen, buf_charlen; > 1460 int pat_ch, buf_ch; > 1461 > 1462 pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen); > 1463 buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte), > 1464 ZV_BYTE - this_pos_byte, > 1465 buf_charlen); > 1466 TRANSLATE (buf_ch, trt, buf_ch); > 1467 > 1468 if (buf_ch != pat_ch) > 1469 break; > 1470 > 1471 this_len_byte -= charlen; > 1472 this_len--; > 1473 p += charlen; > 1474 > 1475 this_pos_byte += buf_charlen; > 1476 this_pos++; > 1477 } > 1478 > 1479 if (this_len == 0) > 1480 { > 1481 match_byte = this_pos_byte - pos_byte; > 1482 pos += len; > 1483 pos_byte += match_byte; > 1484 break; > 1485 } > 1486 > 1487 INC_BOTH (pos, pos_byte); > 1488 } > 1489 > 1490 n--; > 1491 } > > At conditional (4): "lim > pos" taking false path > > 1492 else if (lim > pos) > 1493 while (n > 0) > 1494 { > 1495 while (1) > 1496 { > 1497 /* Try matching at position POS. */ > 1498 int this_pos = pos; > 1499 int this_len = len; > 1500 unsigned char *p = pat; > 1501 > 1502 if (pos + len > lim) > 1503 goto stop; > 1504 > 1505 while (this_len > 0) > 1506 { > 1507 int pat_ch = *p++; > 1508 int buf_ch = FETCH_BYTE (this_pos); > 1509 TRANSLATE (buf_ch, trt, buf_ch); > 1510 > 1511 if (buf_ch != pat_ch) > 1512 break; > 1513 > 1514 this_len--; > 1515 this_pos++; > 1516 } > 1517 > 1518 if (this_len == 0) > 1519 { > 1520 match_byte = len; > 1521 pos += len; > 1522 break; > 1523 } > 1524 > 1525 pos++; > 1526 } > 1527 > 1528 n--; > 1529 } > 1530 /* Backwards search. */ > > At conditional (5): "lim < pos" taking false path > > 1531 else if (lim < pos && multibyte) > 1532 while (n < 0) > 1533 { > 1534 while (1) > 1535 { > 1536 /* Try matching at position POS. */ > 1537 int this_pos = pos - len; > 1538 int this_pos_byte; > 1539 int this_len = len; > 1540 int this_len_byte = len_byte; > 1541 unsigned char *p = pat; > 1542 > 1543 if (this_pos < lim || (pos_byte - len_byte) < lim_byte) > 1544 goto stop; > 1545 this_pos_byte = CHAR_TO_BYTE (this_pos); > 1546 match_byte = pos_byte - this_pos_byte; > 1547 > 1548 while (this_len > 0) > 1549 { > 1550 int charlen, buf_charlen; > 1551 int pat_ch, buf_ch; > 1552 > 1553 pat_ch = STRING_CHAR_AND_LENGTH (p, this_len_byte, charlen); > 1554 buf_ch = STRING_CHAR_AND_LENGTH (BYTE_POS_ADDR (this_pos_byte), > 1555 ZV_BYTE - this_pos_byte, > 1556 buf_charlen); > 1557 TRANSLATE (buf_ch, trt, buf_ch); > 1558 > 1559 if (buf_ch != pat_ch) > 1560 break; > 1561 > 1562 this_len_byte -= charlen; > 1563 this_len--; > 1564 p += charlen; > 1565 this_pos_byte += buf_charlen; > 1566 this_pos++; > 1567 } > 1568 > 1569 if (this_len == 0) > 1570 { > 1571 pos -= len; > 1572 pos_byte -= match_byte; > 1573 break; > 1574 } > 1575 > 1576 DEC_BOTH (pos, pos_byte); > 1577 } > 1578 > 1579 n++; > 1580 } > > At conditional (6): "lim < pos" taking false path > > 1581 else if (lim < pos) > 1582 while (n < 0) > 1583 { > 1584 while (1) > 1585 { > 1586 /* Try matching at position POS. */ > 1587 int this_pos = pos - len; > 1588 int this_len = len; > 1589 unsigned char *p = pat; > 1590 > 1591 if (this_pos < lim) > 1592 goto stop; > 1593 > 1594 while (this_len > 0) > 1595 { > 1596 int pat_ch = *p++; > 1597 int buf_ch = FETCH_BYTE (this_pos); > 1598 TRANSLATE (buf_ch, trt, buf_ch); > 1599 > 1600 if (buf_ch != pat_ch) > 1601 break; > 1602 this_len--; > 1603 this_pos++; > 1604 } > 1605 > 1606 if (this_len == 0) > 1607 { > 1608 match_byte = len; > 1609 pos -= len; > 1610 break; > 1611 } > 1612 > 1613 pos--; > 1614 } > 1615 > 1616 n++; > 1617 } > 1618 > 1619 stop: > > At conditional (7): "n == 0" taking true path > > 1620 if (n == 0) > 1621 { > > At conditional (8): "forward != 0" taking false path > > 1622 if (forward) > 1623 set_search_regs ((multibyte ? pos_byte : pos) - match_byte, match_byte); > 1624 else > > Event uninit_use_in_call: Using uninitialized value "match_byte" in call to function "set_search_regs" [model] > Also see events: [var_decl] > At conditional (9): "multibyte != 0" taking true path > > 1625 set_search_regs (multibyte ? pos_byte : pos, match_byte); > 1626 > 1627 return pos; > 1628 } > 1629 else if (n > 0) > 1630 return -n; > 1631 else > 1632 return n; > 1633 } > 16 This report is the only one that has not been analyzed at all. Anyone?