[Bug 278546] fdevname_r: pass partially uninitialized memory to kernel
Date: Tue, 23 Apr 2024 10:24:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278546

            Bug ID: 278546
           Summary: fdevname_r: pass partially uninitialized memory to kernel
           Product: Base System
           Version: 14.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: rozhuk.im@gmail.com

Created attachment 250173
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=250173&action=edit
patch

valgrind:
==55093== Syscall param ioctl(generic) points to uninitialised byte(s)
==55093==    at 0x860342A: ioctl (in /lib/libc.so.7)
==55093==    by 0x855D1B6: fdevname_r (in /lib/libc.so.7)
==55093==    by 0x863842C: ptsname (in /lib/libc.so.7)
==55093==    by 0x76DCBD2: openpty (in /lib/libutil.so.9)
==55093==    by 0x76DCC93: forkpty (in /lib/libutil.so.9)
==55093==    by 0x7E9F8B4: UnixProcessImpl::Execute(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, IProcessCallback*) (CodeLite/unixprocess_impl.cpp:312)
==55093==    by 0x7D1F4CA: CreateAsyncProcess(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:274)
==55093==    by 0x7D20BA0: CreateAsyncProcess(wxEvtHandler*, wxString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:282)
==55093==    by 0x1495BE1E: GitPlugin::AsyncRunGit(wxEvtHandler*, wxString const&, unsigned long, wxString const&, bool) (git/git.cpp:2961)
==55093==    by 0x149587CF: GitPlugin::ProcessGitActionQueue() (git/git.cpp:1274)
==55093==    by 0x149569E2: GitPlugin::DoSetRepoPath(wxString const&) (git/git.cpp:496)
==55093==    by 0x1494509D: GitPlugin::OnWorkspaceLoaded(clWorkspaceEvent&) (git/git.cpp:1013)
==55093==  Address 0x1ffbffcfc4 is on thread 1's stack
==55093==  in frame #1, created by fdevname_r (???:)
==55093==  Uninitialised value was created by a stack allocation
==55093==    at 0x855D180: fdevname_r (in /lib/libc.so.7)
==55093==

struct fiodgname_arg {
	int	len;
	void	*buf;
};
#define	FIODGNAME	_IOW('f', 120, struct fiodgname_arg) /* get dev. name */

char *
fdevname_r(int fd, char *buf, int len)
{
	struct fiodgname_arg fgn;

	fgn.buf = buf;
	fgn.len = len;

	if (_ioctl(fd, FIODGNAME, &fgn) == -1)
		return (NULL);
	return (buf);
}

memory pad between len and buf is uninitialized.

-- 
You are receiving this mail because:
You are the assignee for the bug.
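
The padding described in the report, made visible in an added example (not code from the report or from the attached patch). The argument block is filled with a constructed 0xAA pattern standing in for stale stack bytes; clearing it with `memset` before assignment is one common remedy, assumed here, and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct fiodgname_arg { int len; void *buf; };	/* layout quoted in the report */
#define POISON 0xAA	/* constructed stand-in for stale stack bytes */

/* Alignment padding between len and buf: 4 bytes on LP64, 0 on ILP32. */
static size_t pad_size(void)
{
	return offsetof(struct fiodgname_arg, buf) - sizeof(int);
}

/* As in the report: only the two members are assigned. */
static void fill_members_only(struct fiodgname_arg *fgn, char *buf, int len)
{
	fgn->buf = buf;
	fgn->len = len;
}

/* Hardened: clear the whole object, padding included, then assign. */
static void fill_zeroed(struct fiodgname_arg *fgn, char *buf, int len)
{
	memset(fgn, 0, sizeof(*fgn));
	fgn->buf = buf;
	fgn->len = len;
}

/* Poison an argument block, fill it, count padding bytes still poisoned. */
static size_t stale_pad_bytes(void (*fill)(struct fiodgname_arg *, char *, int))
{
	union {
		struct fiodgname_arg fgn;
		unsigned char raw[sizeof(struct fiodgname_arg)];
	} u;
	char name[64];
	size_t i, n = 0;
	memset(u.raw, POISON, sizeof(u.raw));
	fill(&u.fgn, name, (int)sizeof(name));
	for (i = sizeof(int); i < offsetof(struct fiodgname_arg, buf); i++)
		n += (u.raw[i] == POISON);
	return n;
}

int main(void)
{
	printf("padding=%zu members-only=%zu zeroed=%zu\n", pad_size(),
	    stale_pad_bytes(fill_members_only), stale_pad_bytes(fill_zeroed));
	return 0;
}
```

Member-wise assignment is not required to touch padding, which is why the whole object is cleared first rather than relying on the two stores.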