
Re: diffutils-3.7.41-7475 exercises undefined behaviour


From: Jim Meyering
Subject: Re: diffutils-3.7.41-7475 exercises undefined behaviour
Date: Tue, 27 Jul 2021 18:37:29 -0700

On Sun, Jul 25, 2021 at 1:04 PM Bruno Haible <bruno@clisp.org> wrote:
> Hi Jim,
> > I've done as you suggested, but so far, I have been unable to evoke a
> > used-uninitialized error on a Fedora 34 system using its libc-2.33,
> > valgrind-3.17.0 and this compiler:
> >   gcc version 11.1.1 20210531 (Red Hat 11.1.1-3) (GCC)
> >
> > Would you please describe your environment and share the names of the
> > test(s) that evoked such failures?
>
> I did so, on Ubuntu 16.04.x, with gcc 5.4.0 and valgrind 3.11.0. Find
> the log file attached. You can ignore the test failures that were due
> to "memory leaks".
>
> > >   Conditional jump or move depends on uninitialised value(s)
> > >      at 0x4020F0: block_compare (cmp.c:620)
> > >      by 0x4020F0: cmp (cmp.c:463)
> > >      by 0x4020F0: main (cmp.c:361)
> > >
> > > Would it be possible to run block_compare on an initialized buffer,
> > > instead of on a partially uninitialized one?
> >
> > In spite of that, I think I can see what's happening: at cmp:460, we
> > put a single-byte sentinel at the end of each buffer, yet the
> > following block_compare reads full words, so depending on alignment, a
> > final word-read may read the sentinel byte and possibly a few
> > (uninitialized ones) beyond it
>
> Yes, that sounds like a plausible explanation of the stack trace above.

Thanks again. Even though I never reproduced the issue, I've pushed
the following, which should resolve it:

https://git.sv.gnu.org/cgit/diffutils.git/commit/?id=v3.7-42-g1aa7ccf
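A constructed C illustration of the failure mode the quoted text describes (added here; it is not the diffutils code, the cmp.c block_compare routine, or the fix in the commit above, and all function and variable names are assumptions): a word-at-a-time compare over a buffer that ends in a single sentinel byte reads the rest of the last word, so unless those bytes are initialized the read is undefined, while padding the tail with sentinel bytes leaves the comparison result unchanged.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t word;
#define WORD_BYTES (sizeof (word))

/* Bytes the word loop below reads for an N-byte compare (N rounded up to a
   whole word); bytes past N + 1, the lone sentinel, are read uninitialized. */
static size_t
word_loop_extent (size_t n)
{
  return (n + WORD_BYTES - 1) / WORD_BYTES * WORD_BYTES;
}

/* Constructed stand-in for a word-at-a-time compare such as cmp's
   block_compare (illustration, not the diffutils code).  Returns the index
   of the first byte where A and B differ, or N if the first N bytes agree. */
static size_t
word_compare (const unsigned char *a, const unsigned char *b, size_t n)
{
  size_t i;
  for (i = 0; i < n; i += WORD_BYTES)
    {
      word wa, wb;
      memcpy (&wa, a + i, WORD_BYTES);  /* a full word, even for a short tail */
      memcpy (&wb, b + i, WORD_BYTES);
      if (wa != wb)
        break;
    }
  while (i < n && a[i] == b[i])         /* narrow down to the exact byte */
    i++;
  return i < n ? i : n;
}

/* Copy LEN bytes of SRC into a word-sized buffer followed by a sentinel.
   PAD_WORD == 0 writes only the single sentinel byte and leaves the rest of
   the last word undefined, the layout discussed in the thread; PAD_WORD != 0
   fills the tail with the sentinel so every word read is initialized. */
static unsigned char *
copy_with_sentinel (const unsigned char *src, size_t len, int pad_word)
{
  size_t alloc = word_loop_extent (len + 1);
  unsigned char *buf = malloc (alloc);
  if (!buf)
    abort ();
  memcpy (buf, src, len);
  memset (buf + len, 0xff, pad_word ? alloc - len : 1);
  return buf;
}
```

Running the unpadded layout under valgrind reports the tail bytes as uninitialised in the word loop; the padded layout is silent and returns the same index.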
