[Bug 196194] New: Read/branch on uninitialized stat structure leftover from 4.4BSD-lite
bugzilla-noreply at freebsd.org
Mon Dec 22 15:12:26 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196194
Bug ID: 196194
Summary: Read/branch on uninitialized stat structure leftover
from 4.4BSD-lite
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: areiter at veracode.com
In the usr.bin/hexdump source directory, there is code for the hexdump tool and the od
tool (I think that's it). In quickly looking at code that seems to only be used
in od, I found this oddball that seems to have gotten through compilers since the
4.4BSD-Lite import:
    void
    doskip(const char *fname, int statok)
    {
            int cnt;
            struct stat sb;

            if (statok) {
                    if (fstat(fileno(stdin), &sb))
                            err(1, "%s", fname);
                    if (S_ISREG(sb.st_mode) && skip >= sb.st_size) {
                            address += sb.st_size;
                            skip -= sb.st_size;
                            return;
                    }
            }
            /* sb has not been filled in when statok == 0 */
            if (S_ISREG(sb.st_mode)) {
                    if (fseeko(stdin, skip, SEEK_SET))
                            err(1, "%s", fname);
                    address += skip;
                    skip = 0;
            } else {
                    for (cnt = 0; cnt < skip; ++cnt)
                            if (getchar() == EOF)
                                    break;
                    address += cnt;
                    skip -= cnt;
            }
    }
The code is reading and branching on the uninitialized 'struct stat sb' structure.
I looked briefly to see what the appropriate fix was, but sadly, I have been
busy with some other work and was unable to come up with a suitable patch :-( I
apologize for this! If no one will work on it, I will do something slowly over
the holidays.
--
You are receiving this mail because:
You are the assignee for the bug.