[Bug 210829] databases/db5: db-5.3.28/src/heap/heap_verify.c can pass __os_free(dbp->env, offsets) an uninitialized offsets value (a bad pointer)
bugzilla-noreply at freebsd.org
Mon Jul 4 21:27:45 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210829
Bug ID: 210829
Summary: databases/db5: db-5.3.28/src/heap/heap_verify.c can
pass __os_free(dbp->env, offsets) an uninitialized
offsets value (a bad pointer)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: mandree at FreeBSD.org
Reporter: markmi at dsl-only.net
Flags: maintainer-feedback?(mandree at FreeBSD.org)
db-5.3.28/src/heap/heap_verify.c has code of the structure:

int
__heap_vrfy(dbp, vdp, h, pgno, flags)
	DB *dbp;
	VRFY_DBINFO *vdp;
	PAGE *h;
	db_pgno_t pgno;
	u_int32_t flags;
{
	HEAPHDR *hdr;
	int cnt, i, j, ret;
	db_indx_t *offsets, *offtbl, end;

	if ((ret = __db_vrfy_datapage(dbp, vdp, h, pgno, flags)) != 0)
		goto err;
	. . .
err:	__os_free(dbp->env, offsets);
	return (ret);
}

If the listed goto is executed then __os_free is passed an uninitialized
offsets value (a junk pointer).

This was reported by the compiler used to build databases/db5.
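Added example, not part of the original report and not Berkeley DB code: the same single-exit cleanup shape as the function above, with the pointer given a defined value before the first goto and freed only when set. The names early_check, tracked_free and verify_page are hypothetical stand-ins for __db_vrfy_datapage, __os_free and __heap_vrfy.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; none of this is Berkeley DB code. */
static int free_calls;			/* times the cleanup actually freed */

static void tracked_free(void *p)	/* plays the role of __os_free */
{
	free_calls++;
	free(p);
}

static int early_check(int page_ok)	/* plays the role of __db_vrfy_datapage */
{
	return (page_ok ? 0 : -1);
}

/*
 * Same control flow as the reported function: a goto to the shared err:
 * label can run before the buffer is allocated. Giving offsets a defined
 * value up front, and freeing only when it is set, makes every path safe.
 */
int verify_page(int page_ok, size_t nslots)
{
	unsigned short *offsets = NULL;	/* defined before any goto err */
	int ret;

	if ((ret = early_check(page_ok)) != 0)
		goto err;		/* offsets is still NULL here */

	if ((offsets = calloc(nslots, sizeof(*offsets))) == NULL) {
		ret = -2;		/* constructed error code */
		goto err;
	}
	/* ... per-slot verification would fill and read offsets here ... */

err:	if (offsets != NULL)
		tracked_free(offsets);
	return (ret);
}

int main(void)
{
	int r1 = verify_page(0, 8);	/* early check fails */
	int f1 = free_calls;
	int r2 = verify_page(1, 8);	/* normal path */
	printf("early: ret=%d frees=%d; normal: ret=%d frees=%d\n",
	    r1, f1, r2, free_calls);
	return 0;
}
```

Without the NULL initializer, compilers can flag the early goto path (GCC's -Wmaybe-uninitialized, Clang's -Wsometimes-uninitialized), which matches how the report says the problem was found.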