From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#8238: possibly uninitialized variable in gif_load Date: Sat, 12 Mar 2011 23:17:25 -0800 Organization: UCLA Computer Science Department Message-ID: <4D7C6F85.3060806@cs.ucla.edu> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1300002749 4425 80.91.229.12 (13 Mar 2011 07:52:29 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 13 Mar 2011 07:52:29 +0000 (UTC) Cc: Julien Danjou To: 8238@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Mar 13 08:52:25 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Pyg6C-0005YD-GN for geb-bug-gnu-emacs@m.gmane.org; Sun, 13 Mar 2011 08:52:24 +0100 Original-Received: from localhost ([127.0.0.1]:46877 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Pyg6C-00075k-3V for geb-bug-gnu-emacs@m.gmane.org; Sun, 13 Mar 2011 03:52:24 -0400 Original-Received: from [140.186.70.92] (port=54738 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Pyg65-00074b-Qi for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:52:18 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pyg64-0007cH-E3 for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:52:17 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:46811) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PyfrH-0004aN-31 for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:36:59 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1PyfYw-0001h9-IY; Sun, 13 Mar 2011 03:18:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 13 Mar 2011 07:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 8238 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.13000006596484 (code B ref -1); Sun, 13 Mar 2011 07:18:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 13 Mar 2011 07:17:39 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PyfYY-0001gX-OI for submit@debbugs.gnu.org; Sun, 13 Mar 2011 03:17:39 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PyfYW-0001gI-Dk for submit@debbugs.gnu.org; Sun, 13 Mar 2011 03:17:37 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PyfYQ-00011l-E0 for submit@debbugs.gnu.org; Sun, 13 Mar 2011 03:17:31 -0400 Original-Received: from lists.gnu.org ([199.232.76.165]:33894) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PyfYQ-00011h-Bw for submit@debbugs.gnu.org; Sun, 13 Mar 2011 03:17:30 -0400 Original-Received: from [140.186.70.92] (port=37682 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PyfYP-00067i-CT for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:17:30 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PyfYO-00011T-Bm for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:17:29 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:55420) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PyfYO-00011O-5E for bug-gnu-emacs@gnu.org; Sun, 13 Mar 2011 03:17:28 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 41F9039E80F2; Sat, 12 Mar 2011 23:17:26 -0800 (PST) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mW+i4w0ak2oV; Sat, 12 Mar 2011 23:17:25 -0800 (PST) Original-Received: from [192.168.1.10] (pool-71-189-109-235.lsanca.fios.verizon.net [71.189.109.235]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 8DDB239E80DB; Sat, 12 Mar 2011 23:17:25 -0800 (PST) User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Sun, 13 Mar 2011 03:18:02 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:44965 Archived-At: I found this problem by code inspection. The following code in the Emacs trunk src/image.c's gif_load function is suspicious, because it uses a variable transparent_p that appears to be uninitialized in some cases: boolean transparent_p; ... for (i = 0; i < gif->SavedImages[ino].ExtensionBlockCount; i++) if ((gif->SavedImages[ino].ExtensionBlocks[i].Function == GIF_LOCAL_DESCRIPTOR_EXTENSION) && gif->SavedImages[ino].ExtensionBlocks[i].ByteCount == 4 /* Transparency enabled? */ && gif->SavedImages[ino].ExtensionBlocks[i].Bytes[0] & 1) { transparent_p = 1; ... } ... if (gif_color_map) for (i = 0; i < gif_color_map->ColorCount; ++i) { if (transparent_p && transparency_color_index == i) The code never sets transparent_p to any value other than 1, but sometimes transparent_p appears to be uninitialized. I'm filing a bug report so that someone who is more expert in this code can take a look at it. In the meantime, I plan to work around the problem by initializing the variable to 0. I'm CC'ing this to Julien Danjou, who committed the code in question.