Package: g++-3.3
Version: 1:3.3-3
Severity: normal
Tags: security

I don't know whether g++-3.3 or libstdc++5-3.3-dev is responsible. Anyway, here it is:

$ cat a.cc
#include <iostream>
#include <vector>
template <class T>
static inline T f(T x) { T y; return y; }
int main() {
  std::vector<int> a;
  a.push_back(12);
  std::cout << *f(a.begin()) << '\n';
}
$ cat b.cc
#include <iostream>
#include <vector>
template <class T>
static inline T f(T x) { T y; return y; }
int main() {
  int b[] = { 34 };
  std::cout << *f(b) << '\n';
}

Now compare the output from g++ on the above files:

$ g++ -O -W -Wall -ansi -pedantic a.cc
$ g++ -O -W -Wall -ansi -pedantic b.cc
b.cc: In function `int main()':
b.cc:7: warning: `int*y' might be used uninitialized in this function

That is, the same template function f issues a (correct) warning when instantiated for T = int *, but not when instantiated for T = std::vector<int>::iterator.

This behaviour might cause dereferences of invalid iterators -- uninitialized, or initialized by the constructor to some default value -- to go unnoticed, and eventually raise security issues in setuid executables.

g.b.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bonacci 2.4.20-3-686 #1 Sun May 18 20:26:19 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages g++-3.3 depends on:
ii  gcc-3.3             1:3.3-3    The GNU C compiler
ii  gcc-3.3-base        1:3.3-3    The GNU Compiler Collection (base
ii  libc6               2.3.1-16   GNU C Library: Shared libraries an
ii  libstdc++5-3.3-dev  1:3.3-3    The GNU Standard C++ Library v3 (d

-- no debconf information
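The report's point is that the compiler only sometimes tells you when a template returns an iterator whose value was never set, so the defensive pattern is to never let such a value exist: initialise every iterator from a parameter or the container, return end() as the explicit "nothing found" result, and guard the dereference. The following is an added example written for this page, not code from the bug report or from g++/libstdc++; find_first, checked_deref, first_even_or, first_even_in_array and deref_of_end_throws are hypothetical names, and the array and vector contents are constructed sample input. Like f() it is instantiated for both raw pointers (the b.cc case) and std::vector<int>::iterator (the a.cc case), so it generalises the report's two instantiations.

```cpp
#include <iostream>
#include <iterator>
#include <stdexcept>
#include <vector>

// find_first: hypothetical helper, not part of the bug report. Like f() it
// is a template instantiated for raw pointers and for vector iterators, but
// its result is always a well-defined iterator: the element found, or `last`
// when nothing matches.
template <class It, class Pred>
It find_first(It first, It last, Pred pred) {
    It cur = first;                 // initialised from a parameter, never `It cur;`
    while (cur != last && !pred(*cur)) {
        ++cur;
    }
    return cur;
}

// checked_deref: refuse to dereference an iterator equal to `last`. This
// catches the "not found" case; an iterator that was never obtained from the
// container at all (the report's uninitialised `y`) cannot be detected here,
// which is why callers must only pass iterators that find_first or the
// container itself produced.
template <class It>
typename std::iterator_traits<It>::value_type
checked_deref(It it, It last) {
    if (it == last) {
        throw std::out_of_range("checked_deref: iterator equals end()");
    }
    return *it;
}

static bool is_even(int x) { return x % 2 == 0; }

// Vector instantiation (the a.cc case): first even element, or `fallback`
// when there is none, instead of dereferencing end().
int first_even_or(const std::vector<int>& v, int fallback) {
    std::vector<int>::const_iterator it = find_first(v.begin(), v.end(), is_even);
    return it == v.end() ? fallback : *it;
}

// Raw-pointer instantiation (the b.cc case) over a constructed array.
int first_even_in_array() {
    int b[] = { 33, 34, 35 };       // constructed sample input
    int* end = b + sizeof(b) / sizeof(b[0]);
    return checked_deref(find_first(b, end, is_even), end);
}

// The guarded dereference fails loudly when no element matches, rather than
// reading through an invalid iterator.
bool deref_of_end_throws() {
    std::vector<int> v;
    v.push_back(1);
    v.push_back(3);
    try {
        checked_deref(find_first(v.begin(), v.end(), is_even), v.end());
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    std::vector<int> a;
    a.push_back(12);
    std::cout << first_even_or(a, -1) << '\n';       // 12
    std::cout << first_even_in_array() << '\n';      // 34
    std::cout << (deref_of_end_throws() ? "guarded" : "unguarded") << '\n';
    return 0;
}
```

Compile with the same flags as the report (g++ -O -W -Wall -ansi -pedantic) and no uninitialized-variable warning is needed, because no path ever produces an iterator whose value depends on uninitialised storage; the end() check is what stands in for the warning the compiler may or may not emit.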