[llvm-bugs] [Bug 32249] New: PVS-Studio: Use of Uninitialized Variable (CWE-457)

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Mar 13 01:31:54 PDT 2017


            Bug ID: 32249
           Summary: PVS-Studio: Use of Uninitialized Variable (CWE-457)
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: release blocker
          Priority: P
         Component: DebugInfo
          Assignee: unassignedbugs at nondot.org
          Reporter: razmyslov at viva64.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 18085
  --> https://bugs.llvm.org/attachment.cgi?id=18085&action=edit
possible fix

We have found a vulnerability (CWE-457) using PVS-Studio tool: PVS-Studio is a
static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V573 Uninitialized variable 'BytesToDrop' was used. The
variable was used to initialize itself.

static Error mapNameAndUniqueName(....) {
  size_t BytesLeft = IO.maxFieldLength();
  if (HasUniqueName) {
    if (BytesNeeded > BytesLeft) {
      size_t BytesToDrop = (BytesNeeded - BytesLeft);
      size_t DropN = std::min(N.size(), BytesToDrop / 2);
      size_t DropU = std::min(U.size(), BytesToDrop - DropN);
  } else {
    size_t BytesNeeded = Name.size() + 1;
    StringRef N = Name;
    if (BytesNeeded > BytesLeft) {
      size_t BytesToDrop = std::min(N.size(), BytesToDrop); // <=
      N = N.drop_back(BytesToDrop);

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20170313/d6226900/attachment-0001.html>

More information about the llvm-bugs mailing list