This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



[patch] Fix for "In function `_int_malloc' ... warning: `fb' may be used uninitialized in this function"


Greetings,

Building glibc on Linux with ATOMIC_FASTBINS not defined results in a warning:

malloc.c: In function `_int_malloc':
malloc.c:4288:18: warning: `fb' may be used uninitialized in this function

We've analyzed the warning, and it is real -- there really is an error
path through _int_malloc() which results in assignment to *fb where fb has
not been initialized.  This path only happens when heap corruption is
detected and when malloc_printerr() does not abort.

But there is no reason for glibc to corrupt the state of the program even
further, and the extra branch/assignment introduced by the patchlet below
will only happen on the error path, so (I think) the efficiency arguments
don't apply here.  Also, building without warnings is comforting.

Thanks,
--
Paul Pluzhnikov

2010-03-30  Paul Pluzhnikov  <ppluzhnikov@google.com>

	* malloc/malloc.c: Fix "may be used uninitialized" warning.

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6993aea..b926c74 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4300,11 +4300,16 @@ _int_malloc(mstate av, size_t bytes)
     victim = *fb;
 #endif
     if (victim != 0) {
+      mfastbinptr junk;
       if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
 	{
-	  errstr = "malloc(): memory corruption (fast)";
+	  const char *const errstr_fast = "malloc(): memory corruption (fast)";
+	  errstr = errstr_fast;
 	errout:
 	  malloc_printerr (check_action, errstr, chunk2mem (victim));
+	  if (errstr != errstr_fast)
+	    /* We jumped to errout label; fb has not been assigned.  */
+	    fb = &junk;
 	}
 #ifndef ATOMIC_FASTBINS
       *fb = victim->fd;
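
Review bot: the new test `if (errstr != errstr_fast)` after `malloc_printerr` reads `errstr_fast` on the jumped-to path without its initializer having run. The `errout:` label sits inside the block, after the declaration `const char *const errstr_fast = ...`, so a `goto errout` from elsewhere enters the block past that declaration and leaves the object indeterminate. The comparison that is supposed to identify the jump case is therefore the one case where its right-hand operand is not guaranteed to hold the string's address. Declaring `errstr_fast` at function scope next to `errstr`, or making it `static`, would keep the check well defined. Separately, `mfastbinptr junk;` and `fb = &junk;` are added outside the `#ifndef ATOMIC_FASTBINS` that guards `*fb = victim->fd;`, so they are compiled in both configurations even though only the guarded store needs them. Putting them under the same conditional would keep the fix local to the build that shows the warning.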

