GNU bug report logs - #72251
defect found by covscan in diffutils-3.10 (gnulibs)

Please note: This is a static page, with minimal formatting, updated once a day.

Package: diffutils; Reported by: Wasser Mai <wasser19641@HIDDEN>; Keywords: notabug; Done: Paul Eggert <eggert@HIDDEN>; Maintainer for diffutils is bug-diffutils@HIDDEN.
bug closed, send any further explanations to 72251 <at> debbugs.gnu.org and Wasser Mai <wasser19641@HIDDEN> Request was from Paul Eggert <eggert@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Added tag(s) notabug. Request was from Paul Eggert <eggert@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 72251 <at> debbugs.gnu.org:


Message-ID: <76b3590d-495e-47cf-a886-ca188ed33153@HIDDEN>
Date: Wed, 24 Jul 2024 22:37:38 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bug-diffutils] bug#72251: defect found by covscan in
 diffutils-3.10 (gnulibs)
To: Wasser Mai <wasser19641@HIDDEN>
References: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN>
Content-Language: en-US
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
In-Reply-To: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN>
Cc: 72251 <at> debbugs.gnu.org

On 2024-07-22 10:29, Wasser Mai wrote:
> There's the following defect in diffutils-3.10 (gnulib) found by
> covscan. The memory dfa->eclosure points to is not initialized. It
> looks like a true positive.

It doesn't look like a true positive to me. The 'postorder' function 
initializes that memory, but covscan isn't smart enough to see that.

These days almost everything Coverity reports for core GNU utilities is 
a false positive, unfortunately.




Information forwarded to bug-diffutils@HIDDEN:
bug#72251; Package diffutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


MIME-Version: 1.0
From: Wasser Mai <wasser19641@HIDDEN>
Date: Mon, 22 Jul 2024 19:29:18 +0200
Message-ID: <CAGS-GNbBYwkPhAi_1J27rbEtzFmvQ48RiCLfKttsAoRfo89YDA@HIDDEN>
Subject: defect found by covscan in diffutils-3.10 (gnulibs)
To: bug-diffutils@HIDDEN
Content-Type: text/plain; charset="UTF-8"

There's the following defect in diffutils-3.10 (gnulib) found by
covscan. The memory dfa->eclosure points to is not initialized. It
looks like a true positive.

Error: UNINIT (CWE-457):
diffutils-3.10/lib/regcomp.c:1134: alloc_fn: Calling "malloc" which
returns uninitialized memory.
diffutils-3.10/lib/regcomp.c:1134: assign: Assigning: "dfa->eclosures"
= "(re_node_set *)malloc(dfa->nodes_alloc * 24UL)", which points to
uninitialized data.
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->elems" when calling
"calc_inveclosure".
diffutils-3.10/lib/regcomp.c:1177: uninit_use_in_call: Using
uninitialized value "dfa->eclosures->nelem" when calling
"calc_inveclosure".
# 1226|         if (__glibc_unlikely (dfa->inveclosures == NULL))
# 1227|           return REG_ESPACE;
# 1228|->       ret = calc_inveclosure (dfa);
# 1229|       }
# 1230|

Maybe add a loop to iterate through all elements and call
re_node_set_init_empty to initialize each element, like this?

diff -up diffutils-3.10/lib/regcomp.c.orig diffutils-3.10/lib/regcomp.c
--- diffutils-3.10/lib/regcomp.c.orig   2024-07-22 19:06:27.783986757 +0200
+++ diffutils-3.10/lib/regcomp.c        2024-07-22 19:10:41.303397164 +0200
@@ -1136,6 +1136,10 @@ analyze (regex_t *preg)
                       || dfa->edests == NULL || dfa->eclosures == NULL))
    return REG_ESPACE;

+  // Initialize each element (for example, set them all to an empty node set)
+  for (Idx i = 0; i < dfa->nodes_alloc; ++i) {
+    re_node_set_init_empty(dfa->eclosures + i);
+  }
  dfa->subexp_map = re_malloc (Idx, preg->re_nsub);
  if (dfa->subexp_map != NULL)
    {
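
Review bot: the new loop after the REG_ESPACE check writes all dfa->nodes_alloc entries of dfa->eclosures, but the covscan trace above only shows the malloc at line 1134 and the later calc_inveclosure call; it does not show that nothing stores to those entries in between. The maintainer's reply in this thread says the 'postorder' function initializes that memory, in which case the loop is redundant work on every analyze() call and only serves to quiet the checker. If it is kept for that purpose, the comment should say so instead of "for example, set them all to an empty node set". Style also differs from the context lines: they put a space before the call parenthesis (re_malloc (Idx, preg->re_nsub)) and the opening brace on its own line, while the added lines use a // comment, no space before the parenthesis in re_node_set_init_empty(dfa->eclosures + i), and a brace on the for line.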

Thanks!
Wasser




Acknowledgement sent to Wasser Mai <wasser19641@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-diffutils@HIDDEN. Full text available.
Report forwarded to bug-diffutils@HIDDEN:
bug#72251; Package diffutils. Full text available.
Last modified: Mon, 24 Mar 2025 23:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.