Conditional jump on uninitialised value(s) in cws.c

[davesliu]

The variables cws->peer_gone is not initialized in below piece of code in function nn_cws_handler of cws.c
//
/ STOPPING_USOCK state. /
/ usock object was asked to stop but it haven't stopped yet. /
//
case NN_CWS_STATE_STOPPING_USOCK:
switch (src) {

    case NN_CWS_SRC_USOCK:
        switch (type) {
        case NN_USOCK_SHUTDOWN:
            return;
        case NN_USOCK_STOPPED:
            /*  If the peer has confirmed itself gone with a Closing
                Handshake, or if the local endpoint failed the remote,
                don't try to reconnect. */
            if (!cws->peer_gone) {
                nn_backoff_start (&cws->retry);
                cws->state = NN_CWS_STATE_WAITING;
            }
            return;
        default:
            nn_fsm_bad_action (cws->state, src, type);
        }

    default:
        nn_fsm_bad_source (cws->state, src, type);
    }

[davesliu]

BTW, there is no "break" for each "case" & "default" in this nn_cws_handler function.

[gdamore]

The lack of a "break", is because the other cases "return", and default is the last case. There is no need for a break.

[gdamore]

Good catch on the uninitialized variable, though. This should be cleared to zero after the cws structure is allocated.

[davesliu]

if their is no “break”,the function nn_fsm_bad_action will be executed muti times....

[skyformat99]

nn_fsm_bad_action
nn_fsm_bad_source
These two functions are different。😄

[davesliu]

@skyformat99
Sorry.
Yes, both the nn_fsm_bad_action & nn_fsm_bad_action will be executed ...

[gdamore]

No, they won't -- because both of these call nn_fsm_error(), which aborts the program; these conditions are never supposed to arrive, and this is effectively an assertion that they do not.

See src/utils/err.h for details.