Your message dated Wed, 11 Jun 2003 18:58:19 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#196908: g++-3.3: inconsistent behaviour of -Wall has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: giuseppe bonacci <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: g++-3.3: inconsistent behaviour of -Wall
Date: Tue, 10 Jun 2003 19:20:03 +0200

Package: g++-3.3
Version: 1:3.3-3
Severity: normal
Tags: security

I don't know whether g++-3.3 or libstdc++5-3.3-dev is responsible.
Anyway, here it is:

$ cat a.cc
#include <iostream>
#include <vector>
template <class T> static inline T f(T x) {
    T y;
    return y;
}
int main() {
    std::vector<int> a;
    a.push_back(12);
    std::cout << *f(a.begin()) << '\n';
}

$ cat b.cc
#include <iostream>
#include <vector>
template <class T> static inline T f(T x) {
    T y;
    return y;
}
int main() {
    int b[] = { 34 };
    std::cout << *f(b) << '\n';
}

Now compare the output from g++ on the above files:

$ g++ -O -W -Wall -ansi -pedantic a.cc
$ g++ -O -W -Wall -ansi -pedantic b.cc
b.cc: In function `int main()':
b.cc:7: warning: `int*y' might be used uninitialized in this function

That is, the same template function f issues a (correct) warning
when instantiated for T = int *, but not when instantiated for T =
std::vector<int>::iterator

This behaviour might cause dereferencing invalid iterators
-- uninitialized or initialized by constructor to some default value --
going unnoticed, and eventually raise security issues in setuid executables.

g.b.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux bonacci 2.4.20-3-686 #1 Sun May 18 20:26:19 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages g++-3.3 depends on:
ii  gcc-3.3             1:3.3-3   The GNU C compiler
ii  gcc-3.3-base        1:3.3-3   The GNU Compiler Collection (base
ii  libc6               2.3.1-16  GNU C Library: Shared libraries an
ii  libstdc++5-3.3-dev  1:3.3-3   The GNU Standard C++ Library v3 (d

-- no debconf information

---------------------------------------
Date: Wed, 11 Jun 2003 18:58:19 -0400
From: Daniel Jacobowitz <[EMAIL PROTECTED]>
To: giuseppe bonacci <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#196908: g++-3.3: inconsistent behaviour of -Wall

On Tue, Jun 10, 2003 at 07:20:03PM +0200, giuseppe bonacci wrote:
> Package: g++-3.3
> Version: 1:3.3-3
> Severity: normal
> Tags: security
>
> I don't know whether g++-3.3 or libstdc++5-3.3-dev is responsible.
> Anyway, here it is:
>
> $ cat a.cc
> #include <iostream>
> #include <vector>
> template <class T> static inline T f(T x) {
>     T y;
>     return y;
> }
> int main() {
>     std::vector<int> a;
>     a.push_back(12);
>     std::cout << *f(a.begin()) << '\n';
> }
>
> $ cat b.cc
> #include <iostream>
> #include <vector>
> template <class T> static inline T f(T x) {
>     T y;
>     return y;
> }
> int main() {
>     int b[] = { 34 };
>     std::cout << *f(b) << '\n';
> }
>
> Now compare the output from g++ on the above files:
>
> $ g++ -O -W -Wall -ansi -pedantic a.cc
> $ g++ -O -W -Wall -ansi -pedantic b.cc
> b.cc: In function `int main()':
> b.cc:7: warning: `int*y' might be used uninitialized in this function
>
> That is, the same template function f issues a (correct) warning
> when instantiated for T = int *, but not when instantiated for T =
> std::vector<int>::iterator
>
> This behaviour might cause dereferencing invalid iterators
> -- uninitialized or initialized by constructor to some default value --
> going unnoticed, and eventually raise security issues in setuid executables.

This is not a bug. T y does not initialize when T = int *, but does
call the constructor for std::vector<int>::iterator.

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
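
The distinction drawn in the reply, as an added example that is not part of the original thread: "T y;" leaves a raw pointer indeterminate but runs the default constructor of a class type, and an initialized result still has to be checked before it is dereferenced. PtrIter, default_init_is_indeterminate, f_value_init and deref_or are hypothetical names introduced here; PtrIter is a constructed stand-in for a library iterator, not libstdc++'s own type.

```cpp
#include <iostream>
#include <type_traits>

// Hypothetical stand-in for a library iterator: a class type whose default
// constructor sets its pointer member, so "PtrIter y;" is initialized.
struct PtrIter {
    int *p;
    PtrIter() : p(nullptr) {}
    explicit PtrIter(int *q) : p(q) {}
    int &operator*() const { return *p; }
    bool valid() const { return p != nullptr; }
};

// True when "T y;" runs no constructor and leaves y indeterminate, which is
// the b.cc case (T = int *) that drew the warning in the report.
template <class T> constexpr bool default_init_is_indeterminate() {
    return std::is_trivially_default_constructible<T>::value;
}

// The report's f() with "T y;" changed to value-initialization: a raw
// pointer becomes null, a class type still runs its default constructor.
template <class T> static inline T f_value_init(T) {
    T y = T();
    return y;
}

// Initialized is not the same as dereferenceable: check before using.
int deref_or(const int *p, int fallback) { return p ? *p : fallback; }
int deref_or(const PtrIter &it, int fallback) {
    return it.valid() ? *it : fallback;
}

int main() {
    int b[] = { 34 };  // constructed sample data, as in b.cc
    std::cout << std::boolalpha
              << "int* indeterminate:    " << default_init_is_indeterminate<int *>() << '\n'
              << "PtrIter indeterminate: " << default_init_is_indeterminate<PtrIter>() << '\n'
              << "f_value_init(b) null:  " << (f_value_init(b) == nullptr) << '\n'
              << "checked deref of f():  " << deref_or(f_value_init(PtrIter(b)), -1) << '\n'
              << "checked deref of b:    " << deref_or(PtrIter(b), -1) << '\n';
    return 0;
}
```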