
Re: conditional jumps based on uninitialized values in IMAP code



On Sat, 13 May 2006, Christoph Ludwig wrote:

> On Sat, May 13, 2006 at 07:25:50AM -0400, Thomas Dickey wrote:
> **28370** conn->available undefined
>
> **28370** conn->available undefined
>
> and so on. Where is the available field of the connection structures supposed
> to be initialized?

That appears to be passed back as the return value from a function that's
chosen at runtime:

int mutt_socket_readchar (CONNECTION *conn, char *c)
{
  if (conn->bufpos >= conn->available)
  {
    if (conn->fd >= 0)
      conn->available = conn->conn_read (conn, conn->inbuf, sizeof (conn->inbuf));
    else
      /* ... */

That is, "conn_read" is set in different parts of the program:

mutt_sasl.c:362:  conn->conn_read = mutt_sasl_conn_read;
mutt_sasl.c:470:  conn->conn_read = sasldata->msasl_read;
mutt_socket.c:294:    conn->conn_read = raw_socket_read;
mutt_ssl.c:119:  conn->conn_read = ssl_socket_read;
mutt_ssl.c:381:  conn->conn_read = raw_socket_read;
mutt_ssl_gnutls.c:302:  conn->conn_read = raw_socket_read;
mutt_tunnel.c:55:  conn->conn_read = tunnel_socket_read;

One of those functions appears to be returning an uninitialized value.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
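The read path Thomas describes, as an added example that is not mutt's code: the reader is chosen through a function pointer, whatever it returns becomes conn->available, and that value is then used as the bound for indexing inbuf. The CONNECTION below is a constructed model (field names follow the quoted snippet; model_read, bogus_read, conn_init, safe_readchar, read_all and the two demo functions are assumptions). The defensive readchar initialises available to zero at setup and refuses any count outside 1..sizeof inbuf instead of trusting it.

```c
#include <string.h>

/* Constructed model of the read path discussed above, not mutt's code:
 * field names follow the quoted snippet, everything else is an assumption. */
#define INBUF_SIZE 8

typedef struct connection CONNECTION;
struct connection {
  int fd;                 /* >= 0 while open, -1 once closed */
  int bufpos;             /* index of the next unread byte in inbuf */
  int available;          /* bytes of inbuf filled by the last conn_read */
  char inbuf[INBUF_SIZE];
  int (*conn_read) (CONNECTION *conn, char *buf, size_t len);
  const char *src;        /* constructed stand-in for the socket */
  size_t src_len, src_off;
};

/* Stand-in for a correct reader such as raw_socket_read: copies up to len
 * bytes from the constructed source, returns the count, 0 at end of data. */
static int model_read (CONNECTION *conn, char *buf, size_t len)
{
  size_t left = conn->src_len - conn->src_off;
  size_t n = left < len ? left : len;
  if (n == 0)
    return 0;
  memcpy (buf, conn->src + conn->src_off, n);
  conn->src_off += n;
  return (int) n;
}

/* Stand-in for a reader whose result is not a byte count; a fixed out-of-range
 * value replaces a truly uninitialised variable so the run stays deterministic. */
static int bogus_read (CONNECTION *conn, char *buf, size_t len)
{
  (void) conn; (void) buf; (void) len;
  return 12345;
}

/* Zeroing the structure gives available == 0 and bufpos == 0, so the first
 * readchar must go through conn_read instead of returning stale inbuf bytes. */
void conn_init (CONNECTION *conn, int (*reader) (CONNECTION *, char *, size_t),
                const char *src, size_t src_len)
{
  memset (conn, 0, sizeof *conn);   /* fd == 0 counts as open in this model */
  conn->conn_read = reader;
  conn->src = src;
  conn->src_len = src_len;
}

/* Same shape as the quoted mutt_socket_readchar, but the value coming back
 * from conn_read is range-checked before it becomes conn->available. Returns 1
 * with *c set, or -1 when closed or when the result cannot be a byte count. */
int safe_readchar (CONNECTION *conn, char *c)
{
  if (conn->bufpos >= conn->available)
  {
    int n;
    if (conn->fd < 0)
      return -1;
    n = conn->conn_read (conn, conn->inbuf, sizeof (conn->inbuf));
    if (n <= 0 || n > (int) sizeof (conn->inbuf))
    {
      conn->fd = -1;      /* EOF, error or garbage: close, never index inbuf with it */
      conn->available = conn->bufpos = 0;
      return -1;
    }
    conn->available = n;
    conn->bufpos = 0;
  }
  *c = conn->inbuf[conn->bufpos++];
  return 1;
}

/* Reads until EOF or out is full; returns the count stored, NUL-terminated. */
int read_all (CONNECTION *conn, char *out, size_t outsz)
{
  size_t i = 0;
  char c;
  while (i + 1 < outsz && safe_readchar (conn, &c) == 1)
    out[i++] = c;
  out[i] = '\0';
  return (int) i;
}

/* Round trip through the well-behaved reader: returns the byte count (25)
 * when the data came back intact and EOF closed the connection, else -1. */
int demo_roundtrip (void)
{
  static const char data[] = "A001 OK LOGIN completed\r\n"; /* constructed reply */
  CONNECTION conn;
  char out[64]; int n;
  conn_init (&conn, model_read, data, sizeof data - 1);
  n = read_all (&conn, out, sizeof out);
  return (strcmp (out, data) == 0 && conn.fd == -1) ? n : -1;
}

/* The misbehaving reader is rejected on the first call: returns -1. */
int demo_bogus (void)
{
  CONNECTION conn; char c;
  conn_init (&conn, bogus_read, "", 0);
  return safe_readchar (&conn, &c);
}
```

Zeroing the structure at setup and range-checking the reader's result turn the reported condition into a clean -1 on the caller's side, but they do not fix the reader that hands back an indeterminate value; that one still has to be found, and valgrind's --track-origins=yes reports where the uninitialised value came from.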