Fix uninitialized locals in event/hook handlers from having a value.

Since values for local variables are referenced by offset within a Frame (not by identifier name), and event/hook handler bodies share a common Frame, the value offsets for local variables in different handlers may overlap. This meant locals in a handler without an initialization may actually end up referring to the value of a previous handler's local that has the same Frame offset. When executing the body, that can possibly result in a type-conflict error or give give unexpected results instead of a "use of uninitialized value" error. This patch makes it so uninitialized locals do always refer to a null value before executing the body of a event/hook handler, so that using them without assigning a value within the body will connsistently give a "use of uninitialized value" error. Addresses #932.
2025-10-05 08:08:19 +00:00 · 2013-01-17 15:21:50 -06:00 · 2013-01-17 15:21:50 -06:00 · 0a69b87f03
commit 0a69b87f03
parent 564e27abb6
4 changed files with 38 additions and 8 deletions
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -1789,13 +1789,21 @@ Val* InitStmt::Exec(Frame* f, stmt_flow_type& flow) const
 		ID* aggr = (*inits)[i];
 		BroType* t = aggr->Type();

-		Val* v;
-		if ( t->Tag() == TYPE_RECORD )
+		Val* v = 0;
+
+		switch ( t->Tag() ) {
+		case TYPE_RECORD:
 			v = new RecordVal(t->AsRecordType());
-		else if ( aggr->Type()->Tag() == TYPE_VECTOR )
+			break;
+		case TYPE_VECTOR:
 			v = new VectorVal(t->AsVectorType());
-		else
+			break;
+		case TYPE_TABLE:
 			v = new TableVal(t->AsTableType(), aggr->Attrs());
+			break;
+		default:
+			break;
+		}

 		f->SetElement(aggr->Offset(), v);
 		}
--- a/src/Var.cc
+++ b/src/Var.cc
@ -243,10 +243,7 @@ Stmt* add_local(ID* id, BroType* t, init_class c, Expr* init,

 	else
 		{
-		if ( t->Tag() == TYPE_RECORD || t->Tag() == TYPE_TABLE ||
-		     t->Tag() == TYPE_VECTOR )
-			current_scope()->AddInit(id);
-
+		current_scope()->AddInit(id);
 		return new NullStmt;
 		}
 	}
--- a/testing/btest/Baseline/language.uninitialized-local/out
+++ b/testing/btest/Baseline/language.uninitialized-local/out
@ -0,0 +1,2 @@
+error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.uninitialized-local/uninitialized-local.bro, line 16: value used but not set (my_string)
+Continuing
--- a/testing/btest/language/uninitialized-local.bro
+++ b/testing/btest/language/uninitialized-local.bro
@ -0,0 +1,23 @@
+# @TEST-EXEC: bro -b %INPUT >out 2>&1
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+
+event testit() &priority=10
+	{
+	local my_count: count = 10;
+	}
+
+event testit()
+	{
+	# my_string's value occupies same Frame offset as my_count's from above
+	# handler, but execution of this handler body should still "initialize"
+	# it to a null value instead of referring to a left-over value of my_count.
+	local my_string: string;
+	local my_vector: vector of string;
+	my_vector[0] = my_string;
+	print "Continuing";
+	}
+
+event bro_init()
+	{
+	event testit();
+	}