Linux console tools development discussion
* [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized
@ 2019-06-11 18:20 Vladislav Ivanishin
  2019-06-20  8:59 ` Alexey Gladkov
  2019-07-11 18:03 ` Vladislav Ivanishin
  0 siblings, 2 replies; 4+ messages in thread
From: Vladislav Ivanishin @ 2019-06-11 18:20 UTC (permalink / raw)
  To: kbd

Hi,

I've found this bug using a static analyzer (slightly improved GCC).

Consider variable `pid` in function main from src/openvt.c:

src/openvt.c:166:       int opt, pid, i;
src/openvt.c:303:       if (direct_exec || ((pid = fork()) == 0)) {
src/openvt.c:386:       if (pid < 0)
src/openvt.c:393:               waitpid(pid, &retval, 0);

If direct_exec is TRUE, then pid doesn't get initialized, but it is used
outside the conditional regardless of that.

-- 
Vlad



* Re: [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized
  2019-06-11 18:20 [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized Vladislav Ivanishin
@ 2019-06-20  8:59 ` Alexey Gladkov
  2019-07-11 18:03 ` Vladislav Ivanishin
  1 sibling, 0 replies; 4+ messages in thread
From: Alexey Gladkov @ 2019-06-20  8:59 UTC (permalink / raw)
  To: Linux console tools development discussion

On Tue, Jun 11, 2019 at 09:20:04PM +0300, Vladislav Ivanishin wrote:
> Hi,
> 
> I've found this bug using a static analyzer (slightly improved GCC).
> 
> Consider variable `pid` in function main from src/openvt.c:
> 
> src/openvt.c:166:       int opt, pid, i;
> src/openvt.c:303:       if (direct_exec || ((pid = fork()) == 0)) {
> src/openvt.c:386:       if (pid < 0)
> src/openvt.c:393:               waitpid(pid, &retval, 0);
> 
> If direct_exec is TRUE, then pid doesn't get initialized, but it is used
> outside the conditional regardless of that.

This is not a bug. If direct_exec is TRUE we will never be on line 386.
To make linter happy, I’ll make pid = 0.
Thanks!

-- 
Rgrds, legion




* Re: [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized
  2019-06-11 18:20 [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized Vladislav Ivanishin
  2019-06-20  8:59 ` Alexey Gladkov
@ 2019-07-11 18:03 ` Vladislav Ivanishin
  2019-07-11 19:22   ` Alexey Gladkov
  1 sibling, 1 reply; 4+ messages in thread
From: Vladislav Ivanishin @ 2019-07-11 18:03 UTC (permalink / raw)
  To: Alexey Gladkov; +Cc: kbd

Sorry, I didn't get your reply (not sure what the actual reason is, but
it seems as if you've only replied to the list, and I am not subscribed)
so I've just read it today in the archives.

> On Tue, Jun 11, 2019 at 09:20:04PM +0300, Vladislav Ivanishin wrote:
> > Hi,
> > 
> > I've found this bug using a static analyzer (slightly improved GCC).
> > 
> > Consider variable `pid` in function main from src/openvt.c:
> > 
> > src/openvt.c:166:       int opt, pid, i;
> > src/openvt.c:303:       if (direct_exec || ((pid = fork()) == 0)) {
> > src/openvt.c:386:       if (pid < 0)
> > src/openvt.c:393:               waitpid(pid, &retval, 0);
> > 
> > If direct_exec is TRUE, then pid doesn't get initialized, but it is used
> > outside the conditional regardless of that.
> 
> This is not a bug. If direct_exec is TRUE we will never be on line 386.

Oh, I didn't realize that; my bad, thanks for pointing this out.

The real issue preventing the analyzer (i.e. the compiler) from seeing
this as well is kbd_error lacking the noreturn attribute.

> To make linter happy, I’ll make pid = 0.

So a more proper fix would be adding the attribute in the header file.
It would also make other compiler analyses/optimizations more effective.

-- 
Vlad

> Thanks!

> -- 
> Rgrds, legion
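
The control-flow shape discussed in this thread, as an added example that is not part of the original messages or the kbd source: `die()` is a hypothetical stand-in for `kbd_error`, and `run_and_wait()` is a constructed function mirroring the quoted `openvt.c` lines. With the `noreturn` attribute the compiler can prove that the exec branch never falls through to the `pid < 0` check, so `pid` needs no dummy initialiser.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for kbd_error(); the noreturn attribute is the point.
 * Without it the compiler must assume the call may return, and on that path
 * pid would be read uninitialised whenever direct_exec is set. */
__attribute__((noreturn, format(printf, 2, 3)))
static void die(int status, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
	fputc('\n', stderr);
	_exit(status);
}

/* Constructed function with the same shape as the quoted openvt.c lines. */
static int run_and_wait(int direct_exec, char *const argv[])
{
	int pid;		/* deliberately left without an initialiser */
	int status = 0;

	if (direct_exec || ((pid = fork()) == 0)) {
		execvp(argv[0], argv);
		die(127, "exec %s failed", argv[0]);	/* never returns */
	}
	/* Reached only when direct_exec == 0 and fork() ran, so pid is set. */
	if (pid < 0)
		return -1;
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	char *const cmd[] = { "/bin/sh", "-c", "exit 3", NULL };	/* constructed sample command */

	printf("child exit status: %d\n", run_and_wait(0, cmd));
	return 0;
}
```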




* Re: [kbd] [Lint][Bug report] src/openvt.c:386: 'pid' may be used uninitialized
  2019-07-11 18:03 ` Vladislav Ivanishin
@ 2019-07-11 19:22   ` Alexey Gladkov
  0 siblings, 0 replies; 4+ messages in thread
From: Alexey Gladkov @ 2019-07-11 19:22 UTC (permalink / raw)
  To: Vladislav Ivanishin; +Cc: kbd

On Thu, Jul 11, 2019 at 09:03:49PM +0300, Vladislav Ivanishin wrote:
> Sorry, I didn't get your reply (not sure what the actual reason is, but
> it seems as if you've only replied to the list, and I am not subscribed)
> so I've just read it today in the archives.
> 
> > On Tue, Jun 11, 2019 at 09:20:04PM +0300, Vladislav Ivanishin wrote:
> > > Hi,
> > > 
> > > I've found this bug using a static analyzer (slightly improved GCC).
> > > 
> > > Consider variable `pid` in function main from src/openvt.c:
> > > 
> > > src/openvt.c:166:       int opt, pid, i;
> > > src/openvt.c:303:       if (direct_exec || ((pid = fork()) == 0)) {
> > > src/openvt.c:386:       if (pid < 0)
> > > src/openvt.c:393:               waitpid(pid, &retval, 0);
> > > 
> > > If direct_exec is TRUE, then pid doesn't get initialized, but it is used
> > > outside the conditional regardless of that.
> > 
> > This is not a bug. If direct_exec is TRUE we will never be on line 386.
> 
> Oh, I didn't realize that; my bad, thanks for pointing this out.
> 
> The real issue preventing the analyzer (i.e. the compiler) from seeing
> this as well is kbd_error lacking the noreturn attribute.
> 
> > To make linter happy, I’ll make pid = 0.
> 
> So a more proper fix would be adding the attribute in the header file.
> It would also make other compiler analyses/optimizations more effective.

I already did it recently:

https://github.com/legionus/kbd/commit/93689a202aeae8707c59c67aa1af5a36c27fba6c

-- 
Rgrds, legion


