Last Comment Bug 59652 - Numerous places where uninitialized variables might be being used before being set.
: Numerous places where uninitialized variables might be being used before bein...
Status: RESOLVED FIXED
: meta
Product: Core
Classification: Components
Component: Tracking (show other bugs)
: Trunk
: All All
: P3 normal with 1 vote (vote)
: ---
Assigned To: Atul Aggarwal
: chris hofmann
Mentors:
: 132141 132145 (view as bug list)
Depends on: 5602 14733 14737 53593 58698 59657 59658 59659 59661 59664 59666 59667 59668 59669 59670 59673 59675 59676 59677 59678 81851 84477 84498 84508 94135 94141 94151 95982 95983 95989 95990 99324 117418 119220 119330 119376 119481 122904 124614 124618 124619 125795 126457 126460 126462 126463 126473 126484 126485 126488 127289 127419 127490 127592 132148 132161 132163 136878 141552 145029 145031 145947 152700 155652 161417 165908 188640 189563 191712 191717 209335 223702 230001
Blocks: buildwarning 179819
  Show dependency treegraph
 
Reported: 2000-11-09 13:40 PST by Rich Burridge
Modified: 2011-09-25 14:19 PDT (History)
15 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Compile transcript of the 109 files with uninitialized variables. (283.54 KB, text/plain)
2000-11-09 13:41 PST, Rich Burridge
no flags Details
Just the lines that contain the uninitialized variable warnings. (17.69 KB, text/plain)
2000-11-09 14:05 PST, Rich Burridge
no flags Details
comments on warnings (37.07 KB, text/plain)
2000-12-08 15:25 PST, Herbie
no flags Details
my comments after *** prefixes, only on herbie's js comments (4.00 KB, text/plain)
2000-12-08 19:00 PST, Brendan Eich [:brendan]
no flags Details
Compilation log excerpts showing 247 uninitialized vars; 2001061610 rebuilt from src RPM on RH Linux 7.1 (41.77 KB, text/plain)
2001-06-17 13:54 PDT, Aleksey Nogin
no flags Details
Compilation log excerpts showing 251 uninitialized vars; 2001080600 rebuilt from src RPM on RH Linux 7.1 (42.75 KB, text/plain)
2001-08-07 10:54 PDT, Aleksey Nogin
no flags Details
2001100515: 278 "may be used uninitialized" warnings (43.52 KB, text/plain)
2001-10-05 19:10 PDT, Aleksey Nogin
no flags Details
267 "may be uninitialized" warnings from todays log (122.57 KB, text/plain)
2002-01-09 20:59 PST, Aleksey Nogin
no flags Details
fix for warnings in cookie and wallet code (1.38 KB, patch)
2002-01-14 08:29 PST, Stephen P. Morse
alecf: superreview+
Details | Diff | Review
190 "may be used uninitialized" warnings from todays log (19.47 KB, text/plain)
2002-02-06 15:57 PST, Aleksey Nogin
no flags Details
176 "xxx might be used uninitialized" from today's log. (18.11 KB, text/plain)
2002-02-21 08:42 PST, Aleksey Nogin
no flags Details
150 "xxx might be used uninitialized" from today's log. (15.03 KB, text/plain)
2002-03-19 15:30 PST, Aleksey Nogin
no flags Details
146 warnings from today's brad Tbox log. (14.40 KB, text/plain)
2002-12-15 17:04 PST, Aleksey Nogin
no flags Details

Description Rich Burridge 2000-11-09 13:40:51 PST
We have seen a couple of bugs (58698 and 59617) where crashes have
resulted because variables have been used without being previously
initialized.

By building Mozilla (with mail/news) with the -Wuninitialized flag 
and with optimization turned on, I was able to find 192 occurances 
of this in total (in 109 files).

These problems could be the cause of many "random" crashes on platforms 
which don't automatically initialize local variables to zero (Solaris 
being one of them).

See the first attachment, which contains the compile transcript for all
of these 109 files. 

Even though Netscape 6 RTM is almost out the door, we would like to fix 
up these problems for our Solaris Netscape 6 RTM/FCS release, so if diffs 
could be attached to this bug for the various fixes (note the bugs 58698 
and 59617 already contain two such sets of diffs), then it would be very 
much appreciated. 

Thanks.
Comment 1 Rich Burridge 2000-11-09 13:41:54 PST
Created attachment 19017 [details]
Compile transcript of the 109 files with uninitialized variables.
Comment 2 Daniel Bratell 2000-11-09 13:46:48 PST
The best would be if you could split the log between different modules and file
a bug for each. My experience of bugs like this that covers many components is
that noone takes it on.
Comment 3 Rich Burridge 2000-11-09 14:05:15 PST
Created attachment 19018 [details]
Just the lines that contain the uninitialized variable warnings.
Comment 4 Rich Burridge 2000-11-09 17:08:03 PST
I've open a load of individual bugs in various modules for this problem.
Hopefully that will inspire the module owners to create diffs for the
files that they own. These are:

59657 - XPCOM
59658 - XPCOM / Registry
59659 - JavaScript Engine
59661 - Networking
59664 - Security / General
59666 - Internationalization
59667 - Imagelib
59670 - Installer
59668 - GTX Embedding
59669 - HTML Element
59673 - Mail / News
59675 - Layout
59676 - XPToolkit / Widgets
59677 - DOM
59678 - Viewer
58698 - Editor

The following lines still need to have individual module bugs filed against
them. I'll do this tomorrow. If anybody can tell me the modules, I'd be
very grateful.

/db/mork/src/morkAtom.cpp
morkAtom.cpp:363: warning: `const mork_u1 * body' might be used uninitialized in
this function
morkAtom.cpp:407: warning: `mork_size size' might be used uninitialized in this
morkAtom.cpp:408: warning: `mork_cscode form' might be used uninitialized in
this function
morkAtom.cpp:432: warning: `mork_size thisSize' might be used uninitialized in
this function
morkAtom.cpp:433: warning: `mork_cscode thisForm' might be used uninitialized in
this function
----
/rdf/base/src/nsRDFContentSink.cpp
nsRDFContentSink.cpp:538: warning: `nsresult rv' might be used uninitialized in
----
/rdf/content/src/nsXULSortService.cpp
nsXULSortService.cpp:1416: warning: `nsresult rv' might be used uninitialized in
this function
----
/docshell/base/nsDocShell.cpp
nsDocShell.cpp:2114: warning: `PRInt32 x' might be used uninitialized in this
function
nsDocShell.cpp:2115: warning: `PRInt32 y' might be used uninitialized in this
function
----
/xpfe/appshell/src/nsWindowMediator.cpp
nsWindowMediator.cpp:676: warning: `struct nsWindowInfo * info' might be used
uninitialized in this function
nsWindowMediator.cpp:678: warning: `PRBool found' might be used uninitialized in
this function
nsWindowMediator.cpp:805: warning: `struct nsWindowInfo * belowInfo' might be
used uninitialized in this function
----
/xpfe/components/search/src/nsInternetSearchService.cpp
nsInternetSearchService.cpp:4082: warning: `PRUnichar quoteChar' might be used
uninitialized in this function
../../../../dist/include/nsAReadableString.h:1085: warning: `int whichString'
might be used uninitialized in this function
----
/extensions/cookie/nsCookie.cpp
nsCookie.cpp:397: warning: `PRInt32 typeIndex' might be used uninitialized in
this function
nsCookie.cpp:1251: warning: `struct permission_HostStruct * hostStruct' might be
used uninitialized in this function
----
/extensions/wallet/src/singsign.cpp
singsign.cpp:1900: warning: `class si_SignonDataStruct * data' might be used
uninitialized in this function
----


Comment 5 (not reading, please use seth@sspitzer.org instead) 2000-11-09 23:05:43 PST
I'm not sure about modules, but you should assign the

db/mork stuff to bienvenu
extensions/wallet to morse
docshell to adamlock

Comment 6 Doron Rosenberg (IBM) 2000-11-10 04:17:44 PST
[tracking] bug
Comment 7 Rich Burridge 2000-11-10 08:18:09 PST
Thanks Seth. I've added bienvenu, morse and adamlock to the CC: of this
bug. I've already opened up enough others bugs for this one. Guys,
with reference to the previous comment by Seth, could you please
attach diifs (assuming they are needed), to fix the uninitialized
variables for the files that you own? Thanks.
Comment 8 Stephen P. Morse 2000-11-10 09:03:57 PST
Besides the extensions/wallet/singsign.cpp cases, I'm also responsible for the 
one in extensions/cookie/nsCookie.cpp.

I just checked the two cases in singsign and the one case in nsCookie and none 
are a problem.  Here's why (same reason in all three cases).

It's true that the variables in question are not initialized when declared but 
rather are initialized inside a loop.  They are then used after the loop 
terminates.  So the compiler would have no way of knowing if the loop was ever 
executed and therefore considers these as potentially uninitialized.

However, inside the loop another variable changes value.  And after the loop, a 
test is made for that variable changing value and the routine is exited if it 
didn't happen.  Therefore the place that the questionable variable is used 
will never get executed if the loop had never been entered.

Bottom line -- there is no problem here in the nsCookie or singsign files.
Comment 9 Stephen P. Morse 2000-11-10 09:08:51 PST
Correction: Above I said the two cases in singsign and one in nsCookie.  That 
should read the other way around -- one case in singsign and two in nsCookie.
Comment 10 (not reading, please use seth@sspitzer.org instead) 2000-11-10 09:13:11 PST
morse:  you should still fix the warnings to get the off the radar.

Comment 11 Blake Ross 2000-11-11 12:49:11 PST
-> tracking
Comment 12 Herbie 2000-12-08 15:24:33 PST
Added attachment that contains comments regarding the warnings.
Comment 13 Herbie 2000-12-08 15:25:56 PST
Created attachment 20372 [details]
comments on warnings
Comment 14 Brendan Eich [:brendan] 2000-12-08 19:00:36 PST
Created attachment 20388 [details]
my comments after *** prefixes, only on herbie's js comments
Comment 15 John Bandhauer 2000-12-20 11:58:28 PST
Changed summary to reflect what the warnings really say.
Comment 16 Brendan Eich [:brendan] 2000-12-20 12:08:16 PST
Cc'ing mang for advice on the fdlibm warnings and scary-looking unbraced but
indented as if written in Python code.  From my attachment:

 e_asin.c:110: warning: `t' might be used uninitialized in this function
   - will get assigned before use.

   *** Agreed, but the indentation without bracing at lines 125-129 looks very
   *** wrong.  This fdlibm code originated from sun.com, could you please see
   *** whether a bug needs to be filed there?  Thanks.

   e_exp.c:143: warning: `hi' might be used uninitialized in this function
   e_exp.c:143: warning: `lo' might be used uninitialized in this function
   e_exp.c:144: warning: `k' might be used uninitialized in this function
   - might need to be init.  possible to get used without first setting.

   *** agreed, these are bugs.  This fdlibm code originated from sun.com, can
   *** you see whether a bug needs to be filed there?  Thanks.

   e_rem_pio2.c:124: warning: `z' might be used uninitialized in this function
   - may get used at line 199 before getting assigned.  need to be init/set!

   e_sqrt.c:132: warning: `z' might be used uninitialized in this function
   - may get used at line 224 before getting assigned.  need to be init/set!

   k_cos.c:105: warning: `qx' might be used uninitialized in this function
   - same as the above two, hmm ... are these relying on some runtime stack values?
     it seems pretty dangerous not to set/init these, but on the other hand, it
     seems like they are intended.

   *** The use of qx on line 120 in k_cos.c is clearly wrong, as the next two
   *** statements completely overwrite u.d.  This fdlibm code originated from
   *** sun.com, could you please see whether a bug needs to be filed there?
   *** In any case, the JS engine's copy should be fixed to strike line 120.

   *** Same for the e_sqrt.c and e_rem_pio2.c uses.

Who at Sun can follow up with fdlibm authors?  George?

/be
Comment 17 drapeau 2000-12-20 18:57:36 PST
Hi Brendan: I don't know what fdlibm is, but I'd be happy to try to track it
down.  What is it?  Also, can you tell me some of its history?  Maybe I can go
from there and track down the authors.  Or if you even know a Sun name (probably
too much to ask, but I gotta try), I can go from there.
Comment 18 Michael Ang 2000-12-20 20:57:06 PST
fdlibm is the "freely distributable libm".  It provides software implementations
of the math functions found in libm.  We use fdlibm in the JavaScript engine
when a system-provided math function doesn't conform to the IEEE 754 standard.

I forget exactly where the fdlibm in mozilla CVS came from.  It looks like
version 5.2, which was developed by Sun and released in 1995(!)  fdlibm is
currently distributed as part of netlib, so that might be the right place to
send upstream patches (www.netlib.org).

NetBSD also maintains a copy of fdlibm, based off version 5.1.  They've done
some patches for endian-ness problems, and possibly others.  I'll have a look
(RSN) to see how their current version of our problem files compare.

The readme (from 1995) for fdlibm 5.2 (http://www.netlib.org/fdlibm/readme)
says:
"6. PROBLEMS ?
--------------
Please send comments and bug report to: 
fdlibm-comments@sunpro.eng.sun.com"

Might be worth a shot.

Another tidbit.  The Java 1.2 API spec says that conformant JVMs should have the
same results for math operations as fdlibm:
http://java.sun.com/products/jdk/1.2/docs/api/java/lang/Math.html
Comment 19 Aleksey Nogin 2001-06-17 10:40:50 PDT
- bug 81851 was caused by an uninitialized nsresult.
- bug 84477 "nsCachePrefObserver::Install can return an uninitialized nsresult"
- bug 84498 "xpidl_process_idl may return unitialized value"
- bug 84508 "Tinderbox should compile with -O on Linux to produce
-Wuninitialized warnings."
- attachment 37644 [details] to bug 84508 gives a listing of _243_ uninitialized variables
in an up-to-date build. This means that the number more than doubled since this
bug was filed!
Comment 20 David Bradley 2001-06-17 11:21:32 PDT
Another good practice is for each engineer to turn warnings all they way up and 
do a build of his or her area. I've often find numerous problems in code by 
doing this in this past. There's plenty of noise, but often there are valid 
warnings that point to bugs.
Comment 21 Aleksey Nogin 2001-06-17 13:54:17 PDT
Created attachment 38857 [details]
Compilation log excerpts showing 247 uninitialized vars; 2001061610 rebuilt from src RPM on RH Linux 7.1
Comment 22 Aleksey Nogin 2001-08-07 10:46:28 PDT
bug 94135 "nsPrefBranch::SetComplexValue : rv may be returned uninitialized"
bug 94141 "modules/libimg/src/if.cpp : IL_StreamWrite return value undefined if
len==0."
Comment 23 Aleksey Nogin 2001-08-07 10:54:47 PDT
Created attachment 44946 [details]
Compilation log excerpts showing 251 uninitialized vars; 2001080600 rebuilt from src RPM on RH Linux 7.1
Comment 24 Aleksey Nogin 2001-08-07 11:11:07 PDT
bug 94151 "nsBidiPresUtils::FormatUnicodeText can return uninitialized nsresult"
Comment 25 Aleksey Nogin 2001-08-19 09:37:50 PDT
Bug 53593 "uninitialized variables in jsj.c"

I filed a few new NSS bugs:
Bug 95982 "rsa.c: RSA_PrivateKeyOp will return uninitialized SECStatus on success"
Bug 95983 "jarver.c: uninitialized variables might be being used before being set"
Bug 95989 "certdb/genname.c: cert_CompareNameWithConstraints handles certURI
case incorrectly"
Bug 95990 "rijndael.c: encrypt/decrypt use c2 and c3 without ever initializing"

Unfortunatelly, there are much more of these in NSS...
Comment 26 Aleksey Nogin 2001-10-05 19:10:09 PDT
Created attachment 52326 [details]
2001100515: 278 "may be used uninitialized" warnings
Comment 27 Aleksey Nogin 2002-01-09 15:56:06 PST
The number of these warnings seems to be finally going down
(http://tinderbox.mozilla.org/SeaMonkey/warn1010614620.16740.html has 269 of
them), but very slowly. It's very likely that some of those 269 are real bugs
and IMHO it would make sence to  try to make sure that do not make it into 1.0
Comment 28 Aleksey Nogin 2002-01-09 20:59:18 PST
Created attachment 64250 [details]
267 "may be uninitialized" warnings from todays log

These are the "may be uninitialized" warnings listed in
http://tinderbox.mozilla.org/SeaMonkey/warn1010629440.4199.html
Comment 29 Stephen P. Morse 2002-01-14 08:29:32 PST
Created attachment 64819 [details] [diff] [review]
fix for warnings in cookie and wallet code
Comment 30 Alec Flett 2002-01-15 15:33:22 PST
Comment on attachment 64819 [details] [diff] [review]
fix for warnings in cookie and wallet code

sr=alecf
Comment 31 Stephen P. Morse 2002-01-15 15:37:26 PST
cookie and wallet fixes are now checked in.  Removing myself from cc list.
Comment 32 Aleksey Nogin 2002-02-06 15:57:21 PST
Created attachment 68209 [details]
190 "may be used uninitialized" warnings from todays log

These are the warnings from
http://tinderbox.mozilla.org/SeaMonkey/warn1013026020.23864.html (Wed, 06 Feb
2002 15:07 EST). The NSS3.4 ladning got rid of a huge number of warnings, so
now we only have 190 of them left!
Comment 33 Aleksey Nogin 2002-02-21 08:42:41 PST
Created attachment 70722 [details]
176 "xxx might be used uninitialized" from today's log.

Distribution by toplevel directory:

46	layout
34	js
16	nsprpub
13	mailnews
10	security
10	extensions
10	content
8	xpfe
6	widget
5	xpinstall
4	xpcom
4	modules
2	string
2	gfx
2	db
1	uriloader
1	rdf
1	intl
1	embedding
Comment 34 Aleksey Nogin 2002-03-19 15:30:00 PST
Created attachment 75073 [details]
150 "xxx might be used uninitialized" from today's log.

26 down, 150 to go...
Comment 35 Aleksey Nogin 2002-12-15 17:04:00 PST
Created attachment 109364 [details]
146 warnings from today's brad Tbox log.

Distribution of the lines with warnings, by toplevel dir:

     31 layout
     28 js
     14 content
     13 nsprpub
     11 directory
      4 xpcom
      4 widget
      4 modules
      3 security
      3 mailnews
      3 gfx
      2 tools
      2 string
      2 extensions
      1 xpfe
      1 rdf
      1 profile
      1 intl
Comment 36 Serge Gautherie (:sgautherie) 2004-04-14 14:36:08 PDT
*** Bug 132145 has been marked as a duplicate of this bug. ***
Comment 37 Serge Gautherie (:sgautherie) 2004-04-14 17:42:45 PDT
*** Bug 132141 has been marked as a duplicate of this bug. ***
Comment 38 Atul Aggarwal 2011-09-25 14:19:18 PDT
All the dependent bugs has been closed.

Hence closing the meta bug as well.

Note You need to log in before you can comment on or make changes to this bug.