https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278546
Bug ID: 278546
Summary: fdevname_r: pass partially uninitialized memory to kernel
Product: Base System
Version: 14.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
Created attachment 250173
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=250173&action=edit
patch
valgrind:
==55093== Syscall param ioctl(generic) points to uninitialised byte(s)
==55093==    at 0x860342A: ioctl (in /lib/libc.so.7)
==55093==    by 0x855D1B6: fdevname_r (in /lib/libc.so.7)
==55093==    by 0x863842C: ptsname (in /lib/libc.so.7)
==55093==    by 0x76DCBD2: openpty (in /lib/libutil.so.9)
==55093==    by 0x76DCC93: forkpty (in /lib/libutil.so.9)
==55093==    by 0x7E9F8B4: UnixProcessImpl::Execute(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, IProcessCallback*) (CodeLite/unixprocess_impl.cpp:312)
==55093==    by 0x7D1F4CA: CreateAsyncProcess(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:274)
==55093==    by 0x7D20BA0: CreateAsyncProcess(wxEvtHandler*, wxString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:282)
==55093==    by 0x1495BE1E: GitPlugin::AsyncRunGit(wxEvtHandler*, wxString const&, unsigned long, wxString const&, bool) (git/git.cpp:2961)
==55093==    by 0x149587CF: GitPlugin::ProcessGitActionQueue() (git/git.cpp:1274)
==55093==    by 0x149569E2: GitPlugin::DoSetRepoPath(wxString const&) (git/git.cpp:496)
==55093==    by 0x1494509D: GitPlugin::OnWorkspaceLoaded(clWorkspaceEvent&) (git/git.cpp:1013)
==55093==  Address 0x1ffbffcfc4 is on thread 1's stack
==55093==  in frame #1, created by fdevname_r (???:)
==55093==  Uninitialised value was created by a stack allocation
==55093==    at 0x855D180: fdevname_r (in /lib/libc.so.7)
==55093==

struct fiodgname_arg {
	int	len;
	void	*buf;
};
#define	FIODGNAME	_IOW('f', 120, struct fiodgname_arg) /* get dev. name */

char *
fdevname_r(int fd, char *buf, int len)
{
	struct fiodgname_arg fgn;

	fgn.buf = buf;
	fgn.len = len;

	if (_ioctl(fd, FIODGNAME, &fgn) == -1)
		return (NULL);
	return (buf);
}

The memory pad between len and buf is uninitialized.
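
The padding described in the report can be shown without a kernel. The following C program is an added example, not part of the bug report or of FreeBSD's libc: it fills a stack slot with a constructed byte (STALE), performs the same two member stores as fdevname_r(), and counts the padding bytes that would reach ioctl() unchanged, with and without a memset() first. The helper names and the memset() variant are assumptions; the attached patch may fix this differently.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout copied from the report. */
struct fiodgname_arg {
    int len;
    void *buf;
};

#define STALE 0xA5 /* constructed stand-in for leftover stack contents */

/* Nonzero if byte offset i of the struct lies inside a named member. */
static int in_member(size_t i)
{
    size_t lo = offsetof(struct fiodgname_arg, len);
    size_t bo = offsetof(struct fiodgname_arg, buf);
    return (i >= lo && i < lo + sizeof(int)) ||
           (i >= bo && i < bo + sizeof(void *));
}

/* Model fdevname_r()'s two member stores on a dirty stack slot, optionally
 * zeroing the slot first (assumed fix), and return how many stale padding
 * bytes would be handed to ioctl(). */
static size_t stale_bytes_sent(int zero_first, char *buf, int len)
{
    unsigned char raw[sizeof(struct fiodgname_arg)];
    size_t i, n = 0;
    memset(raw, STALE, sizeof(raw));
    if (zero_first)
        memset(raw, 0, sizeof(raw));
    /* Member stores write only the member bytes, never the padding. */
    memcpy(raw + offsetof(struct fiodgname_arg, len), &len, sizeof(len));
    memcpy(raw + offsetof(struct fiodgname_arg, buf), &buf, sizeof(buf));
    for (i = 0; i < sizeof(raw); i++)
        if (!in_member(i) && raw[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    char name[64];
    printf("sizeof=%zu stale as-is=%zu stale after memset=%zu\n",
           sizeof(struct fiodgname_arg),
           stale_bytes_sent(0, name, (int)sizeof(name)),
           stale_bytes_sent(1, name, (int)sizeof(name)));
    return 0;
}
```

On LP64 platforms such as amd64 the first count is 4; on ILP32 the struct has no padding and both counts are 0.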