From: Nikita Pettik <korablev@tarantool.org>
To: tarantool-patches@dev.tarantool.org
Cc: v.shpilevoy@tarantool.org
Subject: [Tarantool-patches] [PATCH] vinyl: fix passing uninitialized parameter to vy_page_find_key()
Date: Mon, 15 Jun 2020 21:42:47 +0300 [thread overview]
Message-ID: <f631daa8d1cc3c179a2ad08fb8dd35ebed5aaece.1592235282.git.korablev@tarantool.org> (raw)
vy_page_find_key() assumes that equal_key parameter is initialized since
it is used unconditionally. There are several places where
vy_page_find_key() is called:
- vy_slice_stream_search() calls vy_page_find_key();
- vy_run_iterator_read() calls vy_run_iterator_load_page(),
which in turn calls vy_page_find_key();
- vy_run_iterator_search() also calls vy_run_iterator_load_page().
First two fixes are obvious - lifespan of parameter passed to
*_find_key() is clear and restricted by caller. In the last case
firstly vy_page_find_key() is called, but equal_key output value is not
used. Then it is re-assigned with task->equal_found which is the result
of another on vy_page_find_key() invocation in vy_page_read_cb. So it is
safe to initialize equal_found parameter with 'false' value as well.
Closes #5078
---
Branch: https://github.com/tarantool/tarantool/tree/np/gh-5078-uninit-var-sanitizer
Issue: https://github.com/tarantool/tarantool/issues/5078
src/box/vy_run.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/box/vy_run.c b/src/box/vy_run.c
index 54cf028d0..db4565954 100644
--- a/src/box/vy_run.c
+++ b/src/box/vy_run.c
@@ -1095,7 +1095,7 @@ vy_run_iterator_read(struct vy_run_iterator *itr,
struct vy_entry *ret)
{
struct vy_page *page;
- bool equal_found;
+ bool equal_found = false;
uint32_t pos_in_page;
int rc = vy_run_iterator_load_page(itr, pos.page_no, vy_entry_none(),
ITER_GE, &page, &pos_in_page,
@@ -1129,7 +1129,7 @@ vy_run_iterator_search(struct vy_run_iterator *itr,
equal_key);
if (pos->page_no == itr->slice->run->info.page_count)
return 1;
- bool equal_in_page;
+ bool equal_in_page = false;
struct vy_page *page;
int rc = vy_run_iterator_load_page(itr, pos->page_no, key,
iterator_type, &page,
@@ -2615,7 +2615,7 @@ vy_slice_stream_search(struct vy_stmt_stream *virt_stream)
if (vy_slice_stream_read_page(stream) != 0)
return -1;
- bool unused;
+ bool unused = false;
stream->pos_in_page = vy_page_find_key(stream->page,
stream->slice->begin,
stream->cmp_def,
--
2.17.1
next reply other threads:[~2020-06-15 18:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-15 18:42 Nikita Pettik [this message]
2020-06-16 23:10 ` Vladislav Shpilevoy
2020-06-16 23:21 ` Nikita Pettik
2020-06-17 21:56 ` Vladislav Shpilevoy
2020-06-22 0:02 ` Nikita Pettik
2020-06-22 22:54 ` Vladislav Shpilevoy
2020-06-23 0:08 ` Nikita Pettik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f631daa8d1cc3c179a2ad08fb8dd35ebed5aaece.1592235282.git.korablev@tarantool.org \
--to=korablev@tarantool.org \
--cc=tarantool-patches@dev.tarantool.org \
--cc=v.shpilevoy@tarantool.org \
--subject='Re: [Tarantool-patches] [PATCH] vinyl: fix passing uninitialized parameter to vy_page_find_key()' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox