Fix error found by Madhu Kurup:
A loop overrun occurs when the i+1 value is processed. A code path
exists where i can be uninitialized but still incremented (line 1082).
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@3800 a5019735-40e9-0310-863c-91ae7b9d1cf9
diff --git a/massif/ms_main.c b/massif/ms_main.c
index ce5deee..f695b66 100644
--- a/massif/ms_main.c
+++ b/massif/ms_main.c
@@ -923,7 +923,7 @@
// Sets j to the index of the first not-yet-removed census at or after i
#define FIND_CENSUS(i, j) \
- for (j = i; -1 == censi[j].ms_time; j++) { }
+ for (j = i; j < MAX_N_CENSI && -1 == censi[j].ms_time; j++) { }
for (i = 2; i < MAX_N_CENSI; i += 2) {
// Find the censi representing the smallest timespan. The timespan
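Review bot: With the new bound, FIND_CENSUS can finish with j equal to MAX_N_CENSI when every census from i onward has already been removed, yet the comment on the line above still promises the index of a census; any caller that then reads censi[j] without first checking j < MAX_N_CENSI performs the same one-past-the-end read the bound was meant to stop (the callers are outside this hunk, so this is inferred from the macro alone). The comment should state the sentinel explicitly: `// Sets j to the index of the first not-yet-removed census at or after i,` / `// or to MAX_N_CENSI if there is none; callers must check j before indexing censi.` The macro also substitutes its arguments unparenthesized, and the commit message says it is invoked with i+1, so `for (j = (i); j < MAX_N_CENSI && -1 == censi[j].ms_time; j++) { }` is the safer form if a caller ever passes a compound expression. The enclosing function begins outside the hunk.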
@@ -989,7 +989,6 @@
static UInt ms_next_census = 0; // zero allows startup census
Int ms_time, ms_time_since_prev;
- Int i, K;
Census* census;
VGP_PUSHCC(VgpCensus);
@@ -1010,6 +1009,7 @@
// Heap: snapshot the K most significant XTrees -------------------
if (clo_heap) {
+ Int i, K;
K = ( alloc_xpt->n_children < MAX_SNAPSHOTS
? alloc_xpt->n_children
: MAX_SNAPSHOTS); // max out
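Review bot: `Int i, K;` is introduced at the top of the if (clo_heap) block without initializers, and K is assigned in the very next statement; merging the two, `Int K = ( alloc_xpt->n_children < MAX_SNAPSHOTS ? alloc_xpt->n_children : MAX_SNAPSHOTS ); // max out`, leaves only i declared bare. Narrowing i to this block is presumably what turns the stray increment removed in the later hunk at ms_main.c:1086 into a compile error instead of a silent overrun, which is the right fix, but nothing records that intent; a comment such as `// i and K exist only while snapshotting the heap; keep them block-local` would explain why the declarations moved from function scope. The block continues outside the hunk, so where i is first assigned is not visible here.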
@@ -1086,7 +1086,6 @@
census->stacks_space = sigstacks_space;
// slightly abusing this function
VG_(first_matching_thread_stack)( count_stack_size, &census->stacks_space );
- i++;
}
// Finish, update interval if necessary -----------------------------