memo.c might not always be initialized

memo.float_value might change inside of hash_sum. In case it flipped from false to true there, and the calculated sum is Inf, memo.c might not be initialized at all. This is bad. Found using memory sanitizer: ==55293==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53 ruby#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18 ruby#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12 ruby#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11 ruby#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12 ruby#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9 ruby#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13 ruby#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12 ruby#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11 ruby#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
tgxworld · Apr 26, 2019 · 40b5f2b · 40b5f2b
1 parent f02760f
commit 40b5f2b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/enum.c b/enum.c
@@ -3997,6 +3997,10 @@ enum_sum(int argc, VALUE* argv, VALUE obj)
         memo.f = RFLOAT_VALUE(memo.v);
         memo.c = 0.0;
     }
+    else {
+        memo.f = 0.0;
+        memo.c = 0.0;
+    }
 
     if (RTEST(rb_range_values(obj, &beg, &end, &excl))) {
         if (!memo.block_given && !memo.float_value &&