pcscd attempts to read uninitialized memory and free an invalid
pointer when its configuration directory is empty.
The patch fixes this by initializing reader_list to NULL.
==2658== Conditional jump or move depends on uninitialised value(s)
==2658==    at 0x40A2EF: RFStartSerialReaders (readerfactory.c:1324)
==2658==    by 0x40743F: main (pcscdaemon.c:522)
==2658==
==2658== Use of uninitialised value of size 8
==2658==    at 0x40A2F5: RFStartSerialReaders (readerfactory.c:1327)
==2658==    by 0x40743F: main (pcscdaemon.c:522)
==2658==
==2658== Conditional jump or move depends on uninitialised value(s)
==2658==    at 0x4C26D25: free (vg_replace_malloc.c:325)
==2658==    by 0x40A404: RFStartSerialReaders (readerfactory.c:1348)
==2658==    by 0x40743F: main (pcscdaemon.c:522)
==2658==
==2658== Invalid free() / delete / delete[]
==2658==    at 0x4C26D72: free (vg_replace_malloc.c:325)
==2658==    by 0x40A404: RFStartSerialReaders (readerfactory.c:1348)
==2658==    by 0x40743F: main (pcscdaemon.c:522)
==2658==  Address 0x4222148 is not stack'd, malloc'd or (recently) free'd
--- pcsc-lite-1.6.1/src/readerfactory.c.orig 2010-07-04 23:42:14.000000000
+0300
+++ pcsc-lite-1.6.1/src/readerfactory.c 2010-07-04 23:42:23.000000000 +0300
@@ -1312,7 +1312,7 @@ void RFCleanupReaders(void)
#ifdef USE_SERIAL
int RFStartSerialReaders(const char *readerconf)
{
- SerialReader *reader_list;
+ SerialReader *reader_list = NULL;
int i, rv;
/* remember the configuration filename for RFReCheckReaderConf() */
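Review bot: At the `SerialReader *reader_list = NULL;` declaration, the NULL initializer makes the free() reported at readerfactory.c:1348 harmless, but the trace also shows the value being tested at line 1324 and used at line 1327, both outside this hunk. Please confirm that the condition at 1324 treats NULL as "no readers configured" so that 1327 is never reached with a null pointer; otherwise the invalid free becomes a NULL dereference at daemon startup. It would also be worth making the code that is meant to fill reader_list set it on every return path, including the empty-directory case, so that the caller does not depend on this initializer alone.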
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle