Hi!

----

AFAIK I found an issue with libast's memory allocator subsystem in
ast-ksh.2014-03-01 on SuSE 12.3/AMD64/64bit:
The following 3rd-party testcase (Sun/Oracle) ...
-- snip --
namespace foo.bar
{
typeset -T y_t=(
integer i=1
function print
{
print -- "${_.i}"
}
)
}

function new
{
nameref dest=$1
".${2}" newx

typeset -m dest=newx
}

function test1
{
new x foo.bar.y_t

x.print
}

for ((i=0 ; i < 100 ; i++ ))
{
test1
}
-- snip --

... triggers the following valgrind hit:

-- snip --
==4118== Conditional jump or move depends on uninitialised value(s)
==4118== at 0x5293F6: bestresize (vmbest.c:879)
==4118== by 0x52616D: _ast_realloc (malloc.c:786)
==4118== by 0x445BB8: nv_putval (name.c:2059)
==4118== by 0x4A16AF: arith (arith.c:628)
==4118== by 0x45DFEC: arith_exec (streval.c:221)
==4118== by 0x46E9A5: sh_exec (xec.c:2562)
==4118== by 0x46E627: sh_exec (xec.c:2508)
==4118== by 0x46D68F: sh_exec (xec.c:2259)
==4118== by 0x40FAB2: exfile (main.c:610)
==4118== by 0x40ECFD: sh_main (main.c:382)
==4118== by 0x40DE80: main (pmain.c:45)
==4118== Uninitialised value was created by a stack allocation
==4118== at 0x528DC3: bestresize (vmbest.c:775)
-- snip --

Next best guess is that variable |incz|'s initalisation in
|bestresize()| is somehow skipped (|goto| statement maybe ?) ...
... the following patch suppresses the valgrind hit...
-- snip --
diff -u ./src/lib/libast/vmalloc/vmbest.c.orig ./src/lib/libast/vmalloc/vmbest.c
--- ./src/lib/libast/vmalloc/vmbest.c.orig 2014-03-28
13:43:02.226084099 +0100
+++ ./src/lib/libast/vmalloc/vmbest.c 2014-03-28 13:43:06.195596472 +0100
@@ -774,7 +774,7 @@
static Void_t* bestresize(Vmalloc_t* vm, Void_t* data, size_t size,
int type, int local)
{
Block_t *rp, *np;
- ssize_t sz, oldz, newz, incz;
+ ssize_t sz, oldz, newz, incz = 0;
Pack_t *pack;
Void_t *rsdt = data;
/**/DEBUG_DECLARE(Vmbest_t, *best = (Vmbest_t*)vm->data)
-- snip --
... but I'm not sure whether it's correct or not.

Phong: What do you think ?

----

Bye,
Roland