Created attachment 18085 [details]
possible fix

We have found a vulnerability (CWE-457) using the PVS-Studio tool. PVS-Studio is a static code analyzer for C, C++ and C#: https://www.viva64.com/en/pvs-studio/

Analyzer warning: V573 Uninitialized variable 'BytesToDrop' was used. The variable was used to initialize itself.

static Error mapNameAndUniqueName(....) {
  ....
  size_t BytesLeft = IO.maxFieldLength();
  if (HasUniqueName) {
    .....
    if (BytesNeeded > BytesLeft) {
      size_t BytesToDrop = (BytesNeeded - BytesLeft);
      size_t DropN = std::min(N.size(), BytesToDrop / 2);
      size_t DropU = std::min(U.size(), BytesToDrop - DropN);
      ....
    }
  } else {
    size_t BytesNeeded = Name.size() + 1;
    StringRef N = Name;
    if (BytesNeeded > BytesLeft) {
      size_t BytesToDrop = std::min(N.size(), BytesToDrop); // <=
      N = N.drop_back(BytesToDrop);
    }
    error(IO.mapStringZ(N));
  }
  ....
}
Zachary, please can you take a look at this? It was introduced by your patch D26253/rL286304.
Yes, I'll take a look.
The patch looks fine, but I think I can make it a bit more concise. We should be able to replace this entire else block with just

  StringRef N(Name);
  N = N.take_front(BytesLeft-1);
  error(IO.mapStringZ(N));

I looked into why this wasn't caught by msan, and it's because this is a hard-to-encounter edge case that doesn't have test coverage. I've been improving the testability of this code for a while now, so we should be at the point fairly soon where I can get test coverage for these weird edge cases.

I'm going to close this as fixed and submit the patch shortly. Thanks Svyatoslav!
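The following is an added, stand-alone illustration of the field-length truncation discussed in this thread; it is example code written for this page, not the attached patch and not LLVM's CodeView code. It uses std::string_view in place of StringRef and a hypothetical mapStringZ() that appends a NUL-terminated string to a byte buffer. The two-name branch assumes BytesNeeded = N.size() + U.size() + 2 (the report elides that formula), and the single-name path adds a guard for BytesLeft == 0, a case the take_front(BytesLeft - 1) form does not cover because the subtraction wraps to SIZE_MAX.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <string_view>
#include <vector>

// Result of fitting one name into a fixed-size string field.
struct FitResult {
  std::string_view Name;
  size_t BytesNeeded; // bytes the field will occupy, NUL included
};

// Result of fitting a name plus its unique name into one field.
struct FitPair {
  std::string_view N, U;
  size_t BytesNeeded; // N + NUL + U + NUL
};

// Hypothetical stand-in for IO.mapStringZ(): appends N and a NUL to Buf,
// refusing to write more than MaxFieldLength bytes. Returns bytes written.
size_t mapStringZ(std::vector<char> &Buf, std::string_view N,
                  size_t MaxFieldLength) {
  if (N.size() + 1 > MaxFieldLength)
    return 0;
  Buf.insert(Buf.end(), N.begin(), N.end());
  Buf.push_back('\0');
  return N.size() + 1;
}

// Buggy form from the report (deliberately not compiled here: reading
// BytesToDrop inside its own initializer is undefined behaviour, CWE-457):
//   size_t BytesToDrop = std::min(N.size(), BytesToDrop);
//   N = N.drop_back(BytesToDrop);
//
// Fixed single-name path. Equivalent to N.take_front(BytesLeft - 1) for
// BytesLeft >= 1; for BytesLeft == 0 that expression wraps and would keep
// the whole name, so it is handled explicitly (an addition of this example).
FitResult fitName(std::string_view Name, size_t BytesLeft) {
  if (BytesLeft == 0)
    return {std::string_view(), 1}; // not even the terminator fits
  std::string_view N = Name.substr(0, BytesLeft - 1); // substr clamps
  return {N, N.size() + 1};
}

// Two-name path, mirroring the DropN / DropU split shown in the report.
// Assumption: BytesNeeded counts both strings and both NULs.
FitPair fitNameAndUniqueName(std::string_view Name, std::string_view Unique,
                             size_t BytesLeft) {
  std::string_view N = Name, U = Unique;
  size_t BytesNeeded = N.size() + U.size() + 2;
  if (BytesNeeded > BytesLeft) {
    size_t BytesToDrop = BytesNeeded - BytesLeft;
    size_t DropN = std::min(N.size(), BytesToDrop / 2);
    size_t DropU = std::min(U.size(), BytesToDrop - DropN);
    N.remove_suffix(DropN);
    U.remove_suffix(DropU);
    // Both drops are clamped to the string lengths, so the result can
    // still exceed BytesLeft; the caller must re-check before writing.
    BytesNeeded = N.size() + U.size() + 2;
  }
  return {N, U, BytesNeeded};
}

// Fits Name into a field of MaxFieldLength bytes and serializes it.
// Returns the bytes written, 0 if the field cannot hold even the NUL.
size_t serializeName(std::string_view Name, size_t MaxFieldLength) {
  std::vector<char> Buf;
  FitResult R = fitName(Name, MaxFieldLength);
  if (R.BytesNeeded > MaxFieldLength)
    return 0;
  return mapStringZ(Buf, R.Name, MaxFieldLength);
}

int main() {
  FitResult R = fitName("ABCDEFGH", 4);
  std::printf("single: '%.*s' (%zu bytes)\n", (int)R.Name.size(),
              R.Name.data(), R.BytesNeeded);
  FitPair P = fitNameAndUniqueName("ABCDEFGH", "UVWXYZ", 10);
  std::printf("pair: '%.*s' / '%.*s' (%zu bytes)\n", (int)P.N.size(),
              P.N.data(), (int)P.U.size(), P.U.data(), P.BytesNeeded);
  return 0;
}
```

The point of splitting the two-name drop between N and U is that neither string is wiped out alone when the budget is slightly short; but because each drop is clamped to its string's length, a very small BytesLeft can leave BytesNeeded still over budget, which is why the result carries BytesNeeded for the caller to check rather than assuming the fit succeeded.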