Insure++ Reference - READ_UNINIT_MEM

READ_UNINIT_MEM

Reading uninitialized memory

Problem #1	Diagnosis (at runtime)
Problem #2	Diagnosis (at runtime)
Repair

The use of uninitialized memory is a difficult problem to isolate, since the effects of the problem may not show up till much later. This problem is complicated by the fact that quite a lot of references to uninitialized memory are harmless.

To deal with these issues, Insure++ distinguishes two sub-categories of the READ_UNINIT_MEM error class.

`copy`	This error code is generated whenever an application assigns a variable using an uninitialized value. In itself, this may not be a problem, since the value may be reassigned to a valid value before use or may never be used. This error category is suppressed by default.
`read`	This code is generated whenever an uninitialized value is used in an expression or some other context where it must be incorrect. This error category is enabled by default, but is only detected if the `checking_uninit` option is `on`.

The difference between these two categories is illustrated in the following examples.

Full checking may be disabled by setting the .psrc option checking_uninit off. If full uninitialized memory checking is disabled, uninitialized pointers will still be detected, but will be reported in the READ_UNINIT_PTRcategory.

Problem #1

This code attempts to use a structure element which has never been initialized.

	1:	/*
	2:	 * File: readuni1.c
	3:	 */
	4:	#include <stdio.h>
	5:	
	6:	main()
	7:	{
	8:		struct rectangle {
	9:			int width;
	10:			int height;
	11:		};
	12:
	13:		struct rectangle box;
	14:		int area;
	15:
	16:		box.width = 5;
	17:		area = box.width*box.height; 
	18:		printf("area = %d\n", area);
	19:		return (0);
	20:	}

Diagnosis (at runtime)

	[readuni1.c:17] **READ_UNINIT_MEM(read)**
1.	>> 		area = box.width * box.height;
	
2.		Reading uninitialized memory: box.height

		Stack trace where the error occurred:
3.			main() readuni1.c, 17

Source line at which the problem was detected.
Description of the problem and the expression that is in error.
Stack trace showing the function call sequence leading to the error.

Problem #2

This code assigns the value b using memory returned by the malloc system call, which is uninitialized.

	1:	/*
	2:	 * File: readuni2.c
	3:	 */
	4:	#include <stdlib.h>
	5:	
	6:	main()
	7:	{
	8:		int *a = (int *)malloc(5);
	9:		int b;
	10:	
	11:		b = *a; 
	12:		return (0);
	13:	}

The code in line 11 of this example falls into the copyerror sub-category, since the uninitialized value is merely used to assign another variable. If b were later used in an expression, it would then generate a READ_UNINIT_MEM(read) error.

If the ints in lines 8 and 9 of the above example were replaced by chars, the error would not be detected by default. To see the error in the new example, you would need to set the .psrc option checking_uninit_min_size 1.

Diagnosis (at runtime)

	[readuni2.c:11] **READ_UNINIT_MEM(copy)**
1.	>> 		b = *a;
	
2.		Reading uninitialized memory: *a
	
		In block: 0x00062058 thru 0x0006205c (5 bytes)
			  block allocated at:
				malloc()  (interface)
				  main()  readuni2.c, 8

		Stack trace where the error occurred:
3.			  main() readuni2.c, 11

Source line at which the problem was detected.
Description of the problem and the expression that is in error.
Stack trace showing the function call sequence leading to error.

Repair

As mentioned earlier, the READ_UNINIT_MEM(copy) error category is suppressed by default, so you will normally only see errors in the read category. In many cases, these will be errors that can be simply corrected by initializing the appropriate variables. In other cases, these values will have been assigned from other uninitialized variables, which can be detected by unsuppressing the copy sub-category and running again.

READ_OVERFLOW

READ_UNINIT_PTR