[Bug 210798] devel/gdb: Uninitialized variables found presenting possible security issues or bugs

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jul 12 08:38:20 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210798

--- Comment #7 from Mark Millard <markmi at dsl-only.net> ---
[Other things have taken my time but here are the results of one test of the
patch: amd64 context.]

I applied your patch on an amd64 11.0 -r302457 context with /usr/ports at
-r4178253 and rebuilt gdb, generating a typescript file via script.

grep'ing that typescript file for "warning:" shows:

# grep warning: ~/ports_typescripts/gdb_patch_typescript
checking for memmem... inflate.c:1507:61: warning: shifting a negative signed
value is undefined [-Wshift-negative-value]
./simple-object-xcoff.c:330:12: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:332:39: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:335:29: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:342:12: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:344:39: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:347:29: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:475:32: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:477:30: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:482:32: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:484:30: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:598:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:600:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:603:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:608:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:610:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:613:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:663:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:665:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:670:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:672:21: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:683:19: warning: using extended field designator is an
extension [-Wextended-offsetof]
./simple-object-xcoff.c:685:19: warning: using extended field designator is an
extension [-Wextended-offsetof]
./stack-limit.c:54:24: warning: comparison of integers of different signs:
'rlim_t' (aka 'long') and 'unsigned long' [-Wsign-compare]
checking whether logf is declared without a macro... rl78-dis.c:232:44:
warning: use of logical '||' with constant operand [-Wconstant-logical-operand]
microblaze-tdep.c:94:28: warning: format string is not a string literal
[-Wformat-nonliteral]
msp430-tdep.c:401:24: warning: comparison of constant 16 with expression of
type 'MSP430_Size' is always false
[-Wtautological-constant-out-of-range-compare]
score-tdep.c:819:12: warning: comparison of unsigned expression < 0 is always
false [-Wtautological-compare]
sh64-tdep.c:977:42: warning: comparison of unsigned expression >= 0 is always
true [-Wtautological-compare]
v850-tdep.c:562:35: warning: comparison of unsigned expression >= 0 is always
true [-Wtautological-compare]
v850-tdep.c:562:66: warning: comparison of unsigned expression >= 0 is always
true [-Wtautological-compare]
remote-mips.c:500:37: warning: format string is not a string literal
[-Wformat-nonliteral]
xcoffread.c:1027:41: warning: variable 'main_aux' is uninitialized when used
here [-Wuninitialized]
./nat/x86-dregs.c:209:7: warning: variable 'i' is incremented both in the loop
header and in the loop body [-Wfor-loop-analysis]
./tui/tui-stack.c:419:16: warning: expression which evaluates to zero treated
as a null pointer constant of type 'CORE_ADDR *' (aka 'unsigned long *')
[-Wnon-literal-null-conversion]
dtrace-probe.c:424:52: warning: while loop has empty body [-Wempty-body]
main.c:229:56: warning: adding 'int' to a string does not append to the string
[-Wstring-plus-int]
ada-lang.c:2489:50: warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
ada-lang.c:2503:46: warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
/usr/bin/ld: warning: libncurses.so.8, needed by /usr/local/lib/libreadline.so,
may conflict with libncurses.so.6
/usr/bin/ld: warning: libncurses.so.8, needed by /usr/local/lib/libreadline.so,
may conflict with libncurses.so.6

(libncurses.so.* issues are tied to /usr/lib and /lib vs. /usr/local/lib
bindings.)

Most of that is C source code being reported on, which is the focus here. I
list them all simply because you indicated you are starting to attempt to
eliminate many types of compiler reports.

Certainly the various things that I reported earlier are not listed in the
above: now gone, at least for amd64.

As for the make.conf in use:

# more /etc/make.conf
WANT_QT_VERBOSE_CONFIGURE=1
#
DEFAULT_VERSIONS+=perl5=5.22
WRKDIRPREFIX=/usr/obj/portswork
WITH_DEBUG=
WITH_DEBUG_FILES=
MALLOC_PRODUCTION=

An armv6 build might be somewhat different but I've not done that test yet. I
will.

[I will not have access to powerpc64 or powerpc again for weeks or months yet.
Currently I'm limited to amd64 and armv6 examples. So only little endian.]

-- 
You are receiving this mail because:
You are the assignee for the bug.
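
Added example (not part of the comment above or of the gdb port): one way to triage a typescript like the one grep'ed in the report, grouping clang warnings by diagnostic flag and listing the locations for a few flags to read first. The function names, the REVIEW_FLAGS selection and the sample lines (warnings from the report re-joined onto single lines) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage clang warnings in a build typescript by -W flag.
# REVIEW_FLAGS is an assumed shortlist, chosen for illustration only.
REVIEW_FLAGS='uninitialized|format-nonliteral|shift-negative-value'

# Constructed sample: warnings quoted in the report, one per line, written
# with CRLF line ends as typescripts from script(1) commonly carry them.
sample_typescript() {
    printf '%s\r\n' \
        'checking for memmem... inflate.c:1507:61: warning: shifting a negative signed value is undefined [-Wshift-negative-value]' \
        "./stack-limit.c:54:24: warning: comparison of integers of different signs: 'rlim_t' (aka 'long') and 'unsigned long' [-Wsign-compare]" \
        'microblaze-tdep.c:94:28: warning: format string is not a string literal [-Wformat-nonliteral]' \
        'remote-mips.c:500:37: warning: format string is not a string literal [-Wformat-nonliteral]' \
        "xcoffread.c:1027:41: warning: variable 'main_aux' is uninitialized when used here [-Wuninitialized]" \
        '/usr/bin/ld: warning: libncurses.so.8, needed by /usr/local/lib/libreadline.so, may conflict with libncurses.so.6'
}

# warnings FILE: prints "flag file:line:col" for each compiler warning.
# Strips CRs and any configure text interleaved before the location;
# linker warnings have no [-W...] flag and are skipped.
warnings() {
    tr -d '\r' < "$1" |
        sed -nE 's/^(.*[[:space:]])?([^[:space:]]+:[0-9]+:[0-9]+): warning:.*\[(-W[^]]+)\][[:space:]]*$/\3 \2/p'
}

# tally FILE: prints "count flag", most frequent flag first.
tally() {
    warnings "$1" | cut -d' ' -f1 | LC_ALL=C sort | uniq -c |
        awk '{print $1, $2}' | LC_ALL=C sort -k1,1nr -k2,2
}

# review_first FILE: prints only the warnings whose flag is in REVIEW_FLAGS.
review_first() {
    warnings "$1" | grep -E -- "^-W($REVIEW_FLAGS) "
}

# Usage: tally ~/ports_typescripts/gdb_patch_typescript
```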

