Skip to content

[YottaDB/DBMS/YDBOcto#205] Fix uninitialized memory access in zgbldir_opt() in case of empty gbldir string

Narayanan Iyer requested to merge nars1/YDB:valgrind into master

Background

  • This is an issue that showed up while testing YDBOcto with valgrind as part of YottaDB/DBMS/YDBOcto#205 (closed).

  • Some of the bats tests failed once in a while with the below symptom.

    $ cat YDBOcto/build/bats-test.tOl0MT/test_TNSC07_-3a_Rocto_-2d_one_region_-2d_null_subs_enabled_on_DEFAULT-valgrind-memcheck-87003-1.log
.
.
==87003== Conditional jump or move depends on uninitialised value(s)
==87003==    at 0x484CF64: bcmp (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==87003==    by 0x494809E: zgbldir_opt (sr_port/dpgbldir.c:102)
==87003==    by 0x498B516: gvinit (sr_port/gvinit.c:36)
==87003==    by 0x4AF1480: op_fnzpeek (sr_unix/op_fnzpeek.c:534)
==87003==    by 0x67B6258: _PEEKBYNAME (in libyottadbutil.so)
==87003==    by 0x552CD2F: ???
==87003==    by 0x9: ???
==87003==    by 0xA: ???
==87003==    by 0xB: ???
==87003==    by 0xC: ???
==87003==    by 0xD: ???
==87003==    by 0xE: ???
==87003==  Uninitialised value was created by a heap allocation
==87003==    at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==87003==    by 0x4966AE0: findStorElem (sr_port/gtm_malloc_src.h:598)
==87003==    by 0x4966BFA: findStorElem (sr_port/gtm_malloc_src.h:571)
==87003==    by 0x4966BFA: findStorElem (sr_port/gtm_malloc_src.h:571)
==87003==    by 0x4966BFA: findStorElem (sr_port/gtm_malloc_src.h:571)
==87003==    by 0x4966BFA: findStorElem (sr_port/gtm_malloc_src.h:571)
==87003==    by 0x4966BFA: findStorElem (sr_port/gtm_malloc_src.h:571)
==87003==    by 0x4967623: gtm_malloc (sr_port/gtm_malloc_src.h:743)
==87003==    by 0x4948222: zgbldir_opt (sr_port/dpgbldir.c:155)
==87003==    by 0x498B516: gvinit (sr_port/gvinit.c:36)
==87003==    by 0x4A3C6F6: view_arg_convert (sr_port/view_arg_convert.c:214)
==87003==    by 0x4B7BA85: op_fnview (sr_port/op_fnview.c:189)

Issue

  • In the zgbldir_opt() function in sr_port/dpgbldir.c, when we initialize a new global directory structure, we do not initialize name->name.addr in the case name->name.len is 0. But when we check if a given input gld name matches a previously allocated structure, we go ahead with a memcmp() even in the case where the input is an empty string (i.e. name->name.len is 0). This prompts the above warning from valgrind.

Fix

  • When checking if a previously allocated gld structure matches, we skip the memcmp() if the length is found to be 0.

Merge request reports