[Bug 196194] New: Read/branch on uninitialized stat structure leftover from 4.4BSD-lite

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Dec 22 15:12:26 UTC 2014


            Bug ID: 196194
           Summary: Read/branch on uninitialized stat structure leftover
                    from 4.4BSD-lite
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: areiter at veracode.com

In the usr.bin/hexdump source directory, there is code for the hexdump tool and the od
tool (I think that's it). In quickly looking at code that seems to only be used
in od, I found this oddball that seems to have gotten through compilers since the
4.4BSD-Lite import:

void
doskip(const char *fname, int statok)
{
        int cnt;
        struct stat sb;         /* only filled in when statok is nonzero */

        if (statok) {
                if (fstat(fileno(stdin), &sb))
                        err(1, "%s", fname);
                if (S_ISREG(sb.st_mode) && skip >= sb.st_size) {
                        address += sb.st_size;
                        skip -= sb.st_size;
                        return;
                }
        }
        /* when statok == 0, sb.st_mode is read here without ever being set */
        if (S_ISREG(sb.st_mode)) {
                if (fseeko(stdin, skip, SEEK_SET))
                        err(1, "%s", fname);
                address += skip;
                skip = 0;
        } else {
                for (cnt = 0; cnt < skip; ++cnt)
                        if (getchar() == EOF)
                                break;
                address += cnt;
                skip -= cnt;
        }
}

The code is reading and branching on an uninitialized 'struct stat sb' structure.

I looked briefly to see what the appropriate fix was, but sadly, I have been
busy with some other work and was unable to come up with a suitable patch :-( I
apologize for this! If no one will work on it, I will do something slowly over
the holidays.
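As an added illustration of the defect and one way to close it (this is not FreeBSD's code nor the fix that was eventually committed; it is an example written for this report), the rewrite below keeps a separate `is_regular` flag that is only ever set from a successful fstat(), so the seek path is never chosen on the strength of an uninitialized `st_mode`. Input that was not stat'ed is treated as a non-seekable stream. The function takes a `FILE *` and pointers to `skip` and `address` instead of od's globals, and returns -1 instead of calling err(), purely so it can be exercised on constructed inputs (a temp file and a pipe) in the helpers that follow.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hardened rewrite of od's doskip(): sb is consulted only after fstat() succeeded.
 * Returns 0 on success, -1 on error (the original calls err() instead). */
int doskip_safe(FILE *fp, int statok, off_t *skip, off_t *address)
{
    struct stat sb;
    int is_regular = 0;  /* default: treat input as a non-seekable stream */
    off_t cnt;

    if (statok) {
        if (fstat(fileno(fp), &sb) != 0)
            return -1;
        is_regular = S_ISREG(sb.st_mode);
        if (is_regular && *skip >= sb.st_size) {
            /* the whole file lies inside the skip region: account for it and stop */
            *address += sb.st_size;
            *skip -= sb.st_size;
            return 0;
        }
    }
    if (is_regular) {
        /* seekable: jump straight to the requested offset */
        if (fseeko(fp, *skip, SEEK_SET) != 0)
            return -1;
        *address += *skip;
        *skip = 0;
    } else {
        /* stream (pipe, tty, or never stat'ed): consume bytes one at a time */
        for (cnt = 0; cnt < *skip; ++cnt)
            if (fgetc(fp) == EOF)
                break;
        *address += cnt;
        *skip -= cnt;
    }
    return 0;
}

/* Helpers for exercising both branches on constructed input (not part of od). */
FILE *make_regular(const char *data)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    fputs(data, fp);
    rewind(fp);
    return fp;
}

FILE *make_pipe(const char *data)
{
    int fds[2];
    if (pipe(fds) != 0)
        return NULL;
    ssize_t n = write(fds[1], data, strlen(data));
    close(fds[1]);
    if (n != (ssize_t)strlen(data))
        return NULL;
    return fdopen(fds[0], "r");
}

/* Run doskip_safe() over `data` and return the next byte after the skip
 * (EOF if the input was exhausted, -1 on setup failure). `skip_left` and
 * `address` receive the values od would see in its globals afterwards. */
int next_after_skip(int regular, int statok, off_t skip, const char *data,
                    off_t *skip_left, off_t *address)
{
    FILE *fp = regular ? make_regular(data) : make_pipe(data);
    if (fp == NULL)
        return -1;
    *skip_left = skip;
    *address = 0;
    if (doskip_safe(fp, statok, skip_left, address) != 0) {
        fclose(fp);
        return -1;
    }
    int c = fgetc(fp);
    fclose(fp);
    return c;
}

int main(void)
{
    off_t sl, addr;
    int c = next_after_skip(1, 0, 5, "0123456789", &sl, &addr);
    /* statok == 0 on a regular file: the old code would read garbage st_mode here */
    printf("next byte '%c', address %lld, skip left %lld\n",
           c, (long long)addr, (long long)sl);
    return 0;
}
```

The `statok == 0` case on a regular file is the one the report is about: the hardened version falls through to the byte-by-byte loop and still lands on the right offset, whereas the original's behaviour there depends on whatever happened to be on the stack in `sb`.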
