[bug] possible condition depending on uninitialized value in _notmuch_message_sync

Subject: [bug] possible condition depending on uninitialized value in _notmuch_message_sync

Date: Mon, 16 May 2022 02:27:53 -0700

To: notmuch@notmuchmail.org

From: Eliza Velasquez


Hello notmuch,

I noticed something peculiar while hacking on the notmuch Rust bindings.
One of the unit tests, when run through valgrind, consistently produced
this trace:

--8<---------------cut here---------------start------------->8---
==232461== Thread 2 test_tags::mutab:
==232461== Conditional jump or move depends on uninitialised value(s)
==232461==    at 0x486E8C6: _notmuch_message_sync (in /nix/store/w5i4pvirysllyh6wq5pxqcm62j4g36fl-notmuch-0.35/lib/libnotmuch.so.5.6.0)
==232461==    by 0x4870E6E: notmuch_message_remove_tag (in /nix/store/w5i4pvirysllyh6wq5pxqcm62j4g36fl-notmuch-0.35/lib/libnotmuch.so.5.6.0)
==232461==    by 0x1BE953: notmuch::message::Message::remove_tag (message.rs:125)
==232461==    by 0x15FD83: tests::test_tags::mutable::test_discard_not_present (test_tags.rs:118)
==232461==    by 0x159EC9: tests::test_tags::mutable::test_discard_not_present::{{closure}} (test_tags.rs:114)
==232461==    by 0x14FCBD: core::ops::function::FnOnce::call_once (function.rs:227)
==232461==    by 0x171B52: test::__rust_begin_short_backtrace (in /home/eliza/Git/notmuch-rs/target/debug/deps/tests-36359cb32ba337d6)
==232461==    by 0x171CD8: test::run_test_in_process (in /home/eliza/Git/notmuch-rs/target/debug/deps/tests-36359cb32ba337d6)
==232461==    by 0x19E2B7: _ZN3std10sys_common9backtrace28__rust_begin_short_backtrace17hd93c8f36d9bfcd36E.llvm.6931861783653830752 (in /home/eliza/Git/notmuch-rs/target/debug/deps/tests-36359cb32ba337d6)
==232461==    by 0x184605: core::ops::function::FnOnce::call_once{{vtable.shim}} (in /home/eliza/Git/notmuch-rs/target/debug/deps/tests-36359cb32ba337d6)
==232461==    by 0x2896E2: std::sys::unix::thread::Thread::new::thread_start (in /home/eliza/Git/notmuch-rs/target/debug/deps/tests-36359cb32ba337d6)
==232461==    by 0x4D9CEB1: start_thread (in /nix/store/ayrsyv7npr0lcbann4k9lxr19x813f0z-glibc-2.34-115/lib/libc.so.6)
--8<---------------cut here---------------end--------------->8---

The test definition follows.

--8<---------------cut here---------------start------------->8---
#[test]
fn test_discard_not_present() {
    // Fixture: fresh database with one dummy message, opened ReadWrite.
    let tagset = TagSetFixture::new(true, false);
    // Precondition: the message does not carry the tag we are about to remove.
    assert!(!tagset.message.tags().any(|x| x == "foo"));

    // Removing an absent tag is expected to be a harmless no-op; this call
    // is the one valgrind flags inside _notmuch_message_sync.
    tagset.message.remove_tag("foo").unwrap();
}
--8<---------------cut here---------------end--------------->8---

The first line, when called with these two arguments, creates a new notmuch
database with a single dummy message and opens it in `ReadWrite' mode.
Investigating the rest of the Rust side of the stack trace, I didn't
find anything particularly suspicious in the way it handles memory.

Is it possible then that there's a potential memory error with removing
a non-existent tag on a message? I wanted to ask about this on the
mailing list before diving in deeper, since this isn't quite the latest
version of notmuch and I wasn't sure if it had been fixed in 0.36. I
searched the mailing list archives for this particular issue, but I
wasn't able to find anything.
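To make the valgrind message concrete, here is an added, self-contained C model of the defect class it describes (a flag that a later "sync" step branches on, read before any code path has assigned it) next to the corrected form. This is illustration code written for this page, not notmuch's implementation: `struct message`, `message_new`, `message_remove_tag`, `message_sync` and their return values are all constructed here and say nothing about what `_notmuch_message_sync` actually does.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Toy message object: a small fixed-size set of tag names plus a flag that
 * the "sync" step consults to decide whether anything must be written back.
 * Constructed for this example; not notmuch's data structure. */
#define MAX_TAGS 8
#define TAG_LEN  32

struct message {
    char tags[MAX_TAGS][TAG_LEN];
    int  n_tags;
    bool tags_dirty;   /* read by message_sync(); must be initialised */
};

/* Defect class: malloc leaves tags_dirty indeterminate, so the first
 * `if (!m->tags_dirty)` in message_sync() is exactly what valgrind reports
 * as "Conditional jump or move depends on uninitialised value(s)".
 * Kept only so a reader can run it under valgrind; not used by the tests. */
struct message *message_new_uninitialised(void)
{
    struct message *m = malloc(sizeof *m);
    if (m) m->n_tags = 0;            /* tags_dirty deliberately left unset */
    return m;
}

/* Corrected constructor: every field is zeroed before the object escapes. */
struct message *message_new(void)
{
    return calloc(1, sizeof(struct message));
}

static int find_tag(const struct message *m, const char *tag)
{
    for (int i = 0; i < m->n_tags; i++)
        if (strcmp(m->tags[i], tag) == 0) return i;
    return -1;
}

/* Returns 1 if the tag was added, 0 if already present, -1 if the set is full. */
int message_add_tag(struct message *m, const char *tag)
{
    if (find_tag(m, tag) >= 0) return 0;
    if (m->n_tags == MAX_TAGS) return -1;
    strncpy(m->tags[m->n_tags], tag, TAG_LEN - 1);
    m->tags[m->n_tags][TAG_LEN - 1] = '\0';
    m->n_tags++;
    m->tags_dirty = true;
    return 1;
}

/* Removing an absent tag (the reporter's scenario) is a no-op: it returns 0
 * and does not touch tags_dirty. The sync step therefore has to be able to
 * rely on the constructor, not on this path, for the flag's initial value. */
int message_remove_tag(struct message *m, const char *tag)
{
    int i = find_tag(m, tag);
    if (i < 0) return 0;
    memmove(&m->tags[i], &m->tags[i + 1],
            (size_t)(m->n_tags - i - 1) * sizeof m->tags[0]);
    m->n_tags--;
    m->tags_dirty = true;
    return 1;
}

/* The conditional that depends on tags_dirty. Returns 1 if a write-back
 * happened (and clears the flag), 0 if there was nothing to write. */
int message_sync(struct message *m)
{
    if (!m->tags_dirty) return 0;
    m->tags_dirty = false;
    return 1;
}

int main(void)
{
    struct message *m = message_new();  /* swap in message_new_uninitialised
                                           to reproduce the valgrind report */
    message_remove_tag(m, "foo");       /* tag absent, nothing changes */
    int wrote = message_sync(m);        /* 0: flag was initialised false */
    free(m);
    return wrote == 0 ? 0 : 1;
}
```

Compiled with `-g` and run as `valgrind --track-origins=yes ./a.out` after swapping `message_new_uninitialised` into `main`, the report points at the `if` in `message_sync` and, thanks to `--track-origins`, at the `malloc` that produced the indeterminate byte; with `message_new` it is silent. That is the distinction worth checking when chasing a report like the one above: whether the flag the conditional reads is guaranteed a value on every path, including the one where the requested change turns out to be a no-op.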

-- 
Eliza
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org