Resend: [PATCH] Avoid use of uninitialized values in guid.c

Derek Atkins warlord at MIT.EDU
Tue Feb 15 17:59:08 EST 2005


Chris,

Chris Shoemaker <c.shoemaker at cox.net> writes:

> Derek, did you notice that this email didn't make it to the list?  Did
> it make it to you?

This is the first time I've seen this message, so it neither made it
to the list nor did it make it to me.

>> > What's your reasoning for changing the NULL GUID like this?
>> 
>> human-friendly memory signature.  It helped in debugging, and since
>> the null guid isn't special, any value is as good as any other.

Okay, I can accept that reasoning. :)

>> The problem with the original is that some (perhaps undocumented)
>> parts of the struct can be uninitialized.  IMHO all this entropy
>> gathering is pointless anyway.  There are several places that are
>> clearly silly superstition.

The easiest way to fix that is the memset(&sb, 0, sizeof(sb)) before
the stat() call.

>> The only thing I intended was to avoid the uninitialized read.

Fair enough.  I think a memset ahead of the stat would solve the
initialization problem.

>> > > -  guid_memchunk_init();
>> > > +  /* Not needed: taken care of on first malloc.
>> > > +  /* guid_memchunk_init(); */
>> > 
>> > The problem is that you don't know which one is called first,
>> > guid_init() or guid_malloc().  If you want to protect the
>> > memchunk_init() from being double-called, that's fine.
>> > 
>> 
>> AFAICS, it's not a problem.  We don't use the memchunk until after the
>> guid_malloc, so why init it earlier?

I'd have to look closer; where does the prng get seeded?  I know there
are places where we initialize the guid code to seed the prng and then
use the prng later.

>> > >  main (int argc, char **argv)
>> > >  {
>> > > -  scm_boot_guile(argc, argv, main_helper, NULL);
>> > > +  /* scm_boot_guile(argc, argv, main_helper, NULL); */
>> > > +  main_helper(NULL, argc, argv);
>> > >    return 0;
>> > 
>> > Why did you remove the scheme loading here?
>> 
>> I don't remember.  Feel free to drop it.

Okay

>> Thanks for giving my patches attention.

No, thank YOU for submitting them!  :)

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


More information about the gnucash-patches mailing list