author | Urabe, Shyouhei <shyouhei@ruby-lang.org> | 2019-04-24 16:15:46 +0900 |
---|---|---|
committer | Urabe, Shyouhei <shyouhei@ruby-lang.org> | 2019-04-26 15:59:40 +0900 |
commit | 40b5f2b85dc5c50d7757c3b2522a767188b0e0b3 (patch) | |
tree | b21f1c4ec4d69f85787094b27f23940f8a841de9 /enum.c | |
parent | f02760fc0a455f376ad1a855fd1a5e9252c8267c (diff) | |
download | bundler-40b5f2b85dc5c50d7757c3b2522a767188b0e0b3.tar.gz |
memo.c might not always be initialized
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
Diffstat (limited to 'enum.c')
-rw-r--r-- | enum.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -3997,6 +3997,10 @@ enum_sum(int argc, VALUE* argv, VALUE obj) memo.f = RFLOAT_VALUE(memo.v); memo.c = 0.0; } + else { + memo.f = 0.0; + memo.c = 0.0; + } if (RTEST(rb_range_values(obj, &beg, &end, &excl))) { if (!memo.block_given && !memo.float_value && |
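Review bot: The added else arm (`memo.f = 0.0; memo.c = 0.0;`) has no comment explaining why fields that look unused in the non-float case must still be set. A one-line comment saying that memo.float_value can become true later (inside hash_sum, per the commit message), so both fields must hold defined values, would keep a later cleanup from deleting the arm as dead code. Also, `memo.c = 0.0;` now appears in both arms; it could be hoisted above the `if` so that only the `memo.f` assignment stays conditional, which makes it obvious that memo.c is initialized on every path.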