Insure++ Reference - READ_UNINIT_MEM
The use of uninitialized memory is a difficult problem to isolate,
since the effects of the problem may not show up till much later. This
problem is complicated by the fact that quite a lot of references to
uninitialized memory are harmless.
To deal with these issues, Insure++ distinguishes two
sub-categories of the READ_UNINIT_MEM error class.
copy
|
This error code is generated whenever an application assigns a
variable using an uninitialized value. In itself, this may not
be a problem, since the value may be reassigned to a valid value
before use or may never be used. This error category is suppressed
by default.
|
read
|
This code is generated whenever an uninitialized value is used
in an expression or some other context where it must be incorrect.
This error category is enabled by default, but is only detected if
the
checking_uninit option is
on .
|
The difference between these two categories is illustrated in the
following examples.
Full checking may be disabled by setting the .psrc
option checking_uninit off
. If full uninitialized memory checking is disabled,
uninitialized pointers will still be detected, but will be reported in
the READ_UNINIT_PTR
category.
This code attempts to use a structure element which has never been
initialized.
1: /*
2: * File: readuni1.c
3: */
4: #include <stdio.h>
5:
6: main()
7: {
8: struct rectangle {
9: int width;
10: int height;
11: };
12:
13: struct rectangle box;
14: int area;
15:
16: box.width = 5;
17: area = box.width*box.height;
18: printf("area = %d\n", area);
19: return (0);
20: }
[readuni1.c:17] **READ_UNINIT_MEM(read)**
1. >> area = box.width * box.height;
2. Reading uninitialized memory: box.height
Stack trace where the error occurred:
3. main() readuni1.c, 17
- Source line at which the problem was detected.
- Description of the problem and the expression that is in error.
- Stack trace showing the function call sequence leading to the
error.
This code assigns the value b using memory
returned by the malloc system call, which is
uninitialized.
1: /*
2: * File: readuni2.c
3: */
4: #include <stdlib.h>
5:
6: main()
7: {
8: int *a = (int *)malloc(5);
9: int b;
10:
11: b = *a;
12: return (0);
13: }
The code in line 11 of this example falls into the copy
error sub-category, since the uninitialized value is merely
used to assign another variable. If b were later
used in an expression, it would then generate a
READ_UNINIT_MEM(read) error.
If the ints in lines 8 and 9 of the above example
were replaced by chars , the error would not be detected
by default. To see the error in the new example, you would need to set the
.psrc option
checking_uninit_min_size 1
.
[readuni2.c:11] **READ_UNINIT_MEM(copy)**
1. >> b = *a;
2. Reading uninitialized memory: *a
In block: 0x00062058 thru 0x0006205c (5 bytes)
block allocated at:
malloc() (interface)
main() readuni2.c, 8
Stack trace where the error occurred:
3. main() readuni2.c, 11
- Source line at which the problem was detected.
- Description of the problem and the expression that is in error.
- Stack trace showing the function call sequence leading to error.
As mentioned earlier, the READ_UNINIT_MEM(copy)
error category is suppressed by default, so you will normally only see
errors in the read category. In many cases, these
will be errors that can be simply corrected by initializing the
appropriate variables. In other cases, these values will have been
assigned from other uninitialized variables, which can be detected by
unsuppressing the copy sub-category and running again.
READ_OVERFLOW
READ_UNINIT_PTR
|