This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug libstdc++/71434] New: binomial_distribution operator(): using uninitialized variable
- From: "barannikov88 at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 06 Jun 2016 11:53:43 +0000
- Subject: [Bug libstdc++/71434] New: binomial_distribution operator(): using uninitialized variable
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71434
Bug ID: 71434
Summary: binomial_distribution operator(): using uninitialized
variable
Product: gcc
Version: 5.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: barannikov88 at gmail dot com
Target Milestone: ---
The variable __x declared at line 1699 of file
libstdc++-v3/include/bits/random.tcc may be used uninitialized. This happens
when the following conditions are met:
__u <= __a1 (line 1724)
__y >= __param._M_d1 (line 1728)
When both conditions are TRUE, the variable __x is used uninitialized at line
1782:
__reject |= __x + __np >= __thr;
Seems that it is assumed that __x has a meaningful value only when __reject ==
FALSE (other uses of __x are under this condition). If __reject is TRUE, then
the value of the variable __x doesn't matter: __reject will remain TRUE. But
__x is used unconditionally it this context, that leads to execution error on a
machine with tagged architecture (this is how I found it).
This line should be rewritten as:
__reject = __reject || __x + __np >= __thr;
(note that if __reject is TRUE, the variable __x is not used.)
This applies to all versions of libstdc++. Line numbers provided are for
gcc-5.1.