Re: conditional jumps based on uninitialized values in IMAP code
On Sat, 13 May 2006, Christoph Ludwig wrote:
> On Sat, May 13, 2006 at 07:25:50AM -0400, Thomas Dickey wrote:
>
> **28370** conn->available undefined
> **28370** conn->available undefined
>
> and so on. Where is the available field of the connection structures supposed
> to be initialized?
That appears to be passed back as the return value from a function that's
chosen at runtime:
  int mutt_socket_readchar (CONNECTION *conn, char *c)
  {
    if (conn->bufpos >= conn->available)
    {
      if (conn->fd >= 0)
        conn->available = conn->conn_read (conn, conn->inbuf, sizeof (conn->inbuf));
      else
That is, "conn_read" is set in different parts of the program:
mutt_sasl.c:362: conn->conn_read = mutt_sasl_conn_read;
mutt_sasl.c:470: conn->conn_read = sasldata->msasl_read;
mutt_socket.c:294: conn->conn_read = raw_socket_read;
mutt_ssl.c:119: conn->conn_read = ssl_socket_read;
mutt_ssl.c:381: conn->conn_read = raw_socket_read;
mutt_ssl_gnutls.c:302: conn->conn_read = raw_socket_read;
mutt_tunnel.c:55: conn->conn_read = tunnel_socket_read;
One of those functions appears to be returning an uninitialized value.
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
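Added illustration (not code from mutt or from anyone in this thread): a reduced C model of the CONNECTION / conn_read pattern described above, using hypothetical struct, field and function names. It shows the two defensive points the diagnosis implies: the connection object is fully initialized at creation, so `available` and `bufpos` have definite values before the first comparison, and whatever the runtime-selected reader returns is validated before it is stored as a byte count and used to index the input buffer. The IMAP greeting and the three backends are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reduced model of a mutt-style CONNECTION. Names here are hypothetical
 * stand-ins chosen for this example, not mutt's real definitions. */
typedef struct connection CONNECTION;
struct connection {
    int fd;                      /* -1 once the connection is closed */
    char inbuf[16];              /* small on purpose so refills are exercised */
    int bufpos;                  /* next byte to hand out from inbuf */
    int available;               /* bytes of inbuf filled by the last read */
    int (*conn_read)(CONNECTION *conn, char *buf, size_t len);
    const char *src;             /* backing store for the constructed reader */
    size_t srclen, srcpos;
};

/* Constructed sample input standing in for an IMAP server greeting. */
const char *SAMPLE_GREETING = "* OK IMAP4rev1 Ready\r\n";

/* Backend 1: serves bytes from memory; returns 0 at end of data, like read(2). */
static int mem_read(CONNECTION *conn, char *buf, size_t len)
{
    size_t left = conn->srclen - conn->srcpos;
    size_t n = left < len ? left : len;
    if (n == 0)
        return 0;
    memcpy(buf, conn->src + conn->srcpos, n);
    conn->srcpos += n;
    return (int) n;
}

/* Backend 2: always fails, like a socket error. */
static int failing_read(CONNECTION *conn, char *buf, size_t len)
{
    (void) conn; (void) buf; (void) len;
    return -1;
}

/* Backend 3: misbehaves by reporting more bytes than the buffer can hold. */
static int oversize_read(CONNECTION *conn, char *buf, size_t len)
{
    (void) conn; (void) buf;
    return (int) len + 1000;
}

/* Constructor: every field gets a definite value, so `available` and `bufpos`
 * are never compared before they have been written. */
CONNECTION *conn_new(int fd, int (*reader)(CONNECTION *, char *, size_t), const char *src)
{
    CONNECTION *conn = calloc(1, sizeof *conn);   /* zero fill covers inbuf too */
    if (conn == NULL)
        return NULL;
    conn->fd = fd;
    conn->conn_read = reader;
    conn->bufpos = 0;
    conn->available = 0;
    conn->src = src;
    conn->srclen = src ? strlen(src) : 0;
    conn->srcpos = 0;
    return conn;
}

/* Same shape as mutt_socket_readchar: refill inbuf when it is drained, then
 * hand out one byte. The backend's return value is checked before it is
 * trusted as a byte count. Returns 1 on success, -1 on EOF/error/closed. */
int readchar(CONNECTION *conn, char *c)
{
    if (conn->bufpos >= conn->available) {
        int rc;
        if (conn->fd < 0)
            return -1;                 /* read on a closed connection */
        rc = conn->conn_read(conn, conn->inbuf, sizeof conn->inbuf);
        if (rc <= 0 || (size_t) rc > sizeof conn->inbuf) {
            /* EOF, error, or a nonsensical count: close instead of indexing inbuf with it */
            conn->fd = -1;
            conn->available = 0;
            conn->bufpos = 0;
            return -1;
        }
        conn->available = rc;
        conn->bufpos = 0;
    }
    *c = conn->inbuf[conn->bufpos++];
    return 1;
}

/* Drain a connection into out (NUL-terminated, at most outlen-1 bytes);
 * returns the number of bytes copied. */
int read_all(CONNECTION *conn, char *out, size_t outlen)
{
    size_t n = 0;
    char ch;
    while (n + 1 < outlen && readchar(conn, &ch) == 1)
        out[n++] = ch;
    out[n] = '\0';
    return (int) n;
}

int main(void)
{
    char line[64];
    CONNECTION *conn = conn_new(3, mem_read, SAMPLE_GREETING);
    int n = read_all(conn, line, sizeof line);
    printf("read %d bytes: %s", n, line);
    free(conn);
    return 0;
}
```

The 16-byte `inbuf` forces a refill partway through the 22-byte greeting, which is the path where a stale or never-written `available` would be compared. Running a build of this under Valgrind with `conn_new` replaced by a plain `malloc` is the quickest way to see the same "conditional jump depends on uninitialised value" report the thread is about.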