Resend: [PATCH] Avoid use of uninitialized values in guid.c
Derek Atkins
warlord at MIT.EDU
Tue Feb 15 17:59:08 EST 2005
Chris,
Chris Shoemaker <c.shoemaker at cox.net> writes:
> Derek, did you notice that this email didn't make it to the list? Did
> it make it to you?
This is the first time I've seen this message, so it neither made it
to the list nor did it make it to me.
>> > What's your reasoning for changing the NULL GUID like this?
>>
>> human-friendly memory signature. It helped in debugging, and since
>> the null guid isn't special, any value is as good as any other.
Okay, I can accept that reasoning. :)
>> The problem with the original is that some (perhaps undocumented)
>> parts of the struct can be uninitialized. IMHO all this entropy
>> gathering is pointless anyway. There are several places that are
>> clearly silly superstition.
The easiest way to fix that is the memset(&sb, 0, sizeof(sb)) before
the stat() call.
>> The only thing I intended was to avoid the uninitialized read.
Fair enough. I think a memset ahead of the stat would solve the
initialization problem.
>> > > - guid_memchunk_init();
>> > > + /* Not needed: taken care of on first malloc.
>> > > + /* guid_memchunk_init(); */
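Review bot: The first added line opens a comment with `/*` and never closes it, so the comment only ends at the `*/` after `guid_memchunk_init();` on the next line, and that line's own `/*` sits inside an already open comment (compilers flag this under -Wcomment). Close the first comment on its own line, or delete the call instead of commenting it out. If the call does go away, the patch should also show that the memchunk is only ever reached through guid_malloc(), because nothing in this hunk establishes that ordering.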
>> >
>> > The problem is that you don't know which one is called first,
>> > guid_init() or guid_malloc(). If you want to protect the
>> > memchunk_init() from being double-called, that's fine.
>> >
>>
>> AFAICS, it's not a problem. We don't use the memchunk until after the
>> guid_malloc, so why init it earlier?
I'd have to look closer; where does the prng get seeded? I know there
are places where we initialize the guid code to seed the prng and then
use the prng later.
>> > > main (int argc, char **argv)
>> > > {
>> > > - scm_boot_guile(argc, argv, main_helper, NULL);
>> > > + /* scm_boot_guile(argc, argv, main_helper, NULL); */
>> > > + main_helper(NULL, argc, argv);
>> > > return 0;
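Review bot: In main(), swapping `scm_boot_guile(argc, argv, main_helper, NULL);` for a direct `main_helper(NULL, argc, argv);` call has nothing to do with the uninitialized-read fix in the subject line, and it leaves the old call behind as commented-out code. Split it into a separate patch with a stated reason or drop it; if it stays, remove the old line rather than commenting it out.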
>> >
>> > Why did you remove the scheme loading here?
>>
>> I don't remember. Feel free to drop it.
Okay
>> Thanks for giving my patches attention.
No, thank YOU for submitting them! :)
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
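The memset-before-stat() fix suggested in the message above, as an added example that is not code from the patch or from guid.c. It assumes the raw bytes of the struct are fed to a digest; `stat_digest`, `zero_stat_digest` and the FNV-1a hash are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* FNV-1a, 64-bit: a stand-in for whatever digest consumes the bytes. */
static uint64_t fnv1a(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hypothetical helper: hash the raw bytes of a struct stat for `path`.
 * Returns stat()'s result; *out is always written. */
int stat_digest(const char *path, uint64_t *out)
{
    struct stat sb;
    int rc;

    /* Zero the whole object first: stat() sets the fields, not the
     * padding between them, and on failure nothing is guaranteed to be
     * written, so the hash would otherwise read stack garbage. */
    memset(&sb, 0, sizeof(sb));
    rc = stat(path, &sb);
    *out = fnv1a(&sb, sizeof(sb));
    return rc;
}

/* Digest of an all-zero struct stat: what a failed stat() now hashes to. */
uint64_t zero_stat_digest(void)
{
    struct stat z;
    memset(&z, 0, sizeof(z));
    return fnv1a(&z, sizeof(z));
}

int main(void)
{
    uint64_t h;
    int rc = stat_digest("/", &h);
    printf("rc=%d digest=%016llx\n", rc, (unsigned long long)h);
    return 0;
}
```

With the memset in place, a failed stat() contributes a fixed, known value instead of whatever was on the stack, which is also what tools such as Valgrind stop reporting.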