Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 4.5.0
Affects Version/s: 4.5.0
Component/s: forestdb
Security Level: Public
Labels:
None
Environment:
Ubuntu 1404
couchbase/master @ commit c61a6e0095b179daf4f4b9d30b2a8f84f630ce8b

Triage:
Untriaged
Is this a Regression?:
Unknown
Sprint:
ForestDB: Oct 26 - Nov 13

Description

Running valgrind against my own recent commit showed up many errors in the existing code.

==27992== Conditional jump or move depends on uninitialised value(s)
==27992== at 0x4388A5: _fdb_kvs_header_import (kv_instance.cc:793)
==27992== by 0x439BAA: fdb_kvs_header_read (kv_instance.cc:995)
==27992== by 0x421D33: _fdb_open (forestdb.cc:1674)
==27992== by 0x422346: fdb_open_custom_cmp (forestdb.cc:687)
==27992== by 0x43F1B0: multi_kv_test(unsigned char, unsigned long) (multi_kv_functional_test.cc:316)
==27992== by 0x402DFB: main (multi_kv_functional_test.cc:2414)
==27992== Uninitialised value was created by a stack allocation
==27992== at 0x41FF30: _fdb_open (forestdb.cc:1323)

There is a path through fdb_open which leaves the version variable un-initialised but later used.

fdb_status _fdb_open(fdb_kvs_handle *handle,

                     const char *filename,

                     fdb_filename_mode_t filename_mode,

                     const fdb_config *config)

...

    uint64_t version; <- NOT Initialised

...

    // If cloning from a snapshot handle, fdb_snapshot_open would have already

    // set handle->last_hdr_bid to the block id of required header, so rewind..

    if (handle->shandle && handle->last_hdr_bid) {

        status = filemgr_fetch_header(handle->file, handle->last_hdr_bid,

                                      header_buf, &header_len, &seqnum,

                                      &header_revnum, NULL, &version, <- INITIALISED

                                      &handle->log_callback);

        if (status != FDB_RESULT_SUCCESS) {

            free(handle->filename);

            handle->filename = NULL;

            filemgr_close(handle->file, false, handle->filename,

                              &handle->log_callback);

            return status;

    } else { // Normal open

version not initialised on this path

        filemgr_get_header(handle->file, header_buf, &header_len,

                           &handle->last_hdr_bid, &seqnum, &header_revnum);

...

line 1674 passes version and it is not initialised.

            fdb_kvs_header_read(handle->file, handle->dhandle, kv_info_offset,

                                version, false);

...

Inside fdb_kvs_header_read->_fdb_kvs_header_import the version parameter is used in an if

    // Version control

    if (version == FILEMGR_MAGIC_V1) {

        is_deltasize = false;

        _deltasize = 0;

    } else {

        is_deltasize = true;

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Sundar Sridharan (Inactive)

Reporter:: Jim Walker

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Aug/15 6:07 AM

Updated:: 25/Aug/15 5:05 PM

Resolved:: 25/Aug/15 5:05 PM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

MB-16110: valgrind error conditional jump depends on uninit variable: Gerrit Review:

valgrind: Conditional jump or move depends on uninitialised value(s)

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty