Uninitialized timestamps set in sppp_input
Hello, In sys/net/if_spppsubr.c last activity time stamps can be set to uninitialized values. Found with clang. Regards Index: sys/net/if_spppsubr.c === RCS file: /cvs/src/sys/net/if_spppsubr.c,v retrieving revision 1.144 diff -u -p -r1.144 if_spppsubr.c --- sys/net/if_spppsubr.c 2 Nov 2015 11:19:30 - 1.144 +++ sys/net/if_spppsubr.c 9 Nov 2015 07:44:58 - @@ -509,6 +509,7 @@ sppp_input(struct ifnet *ifp, struct mbu case PPP_IP: if (sp->state[IDX_IPCP] == STATE_OPENED) { inq = &ipintrq; + getmicrouptime(&tv); sp->pp_last_activity = tv.tv_sec; } break; @@ -521,6 +522,7 @@ sppp_input(struct ifnet *ifp, struct mbu case PPP_IPV6: if (sp->state[IDX_IPV6CP] == STATE_OPENED) { inq = &ip6intrq; + getmicrouptime(&tv); sp->pp_last_activity = tv.tv_sec; } break;
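Review bot: in both the PPP_IP and PPP_IPV6 cases the new `getmicrouptime(&tv)` call feeds only `tv.tv_sec`, and the same two statements are now repeated in each branch. Consider a small helper for the pair so the two paths cannot drift apart. The hunk context shows no earlier assignment to `tv`, so any other reader of `tv` in sppp_input should be checked for the same missing initialization.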
Use uninitialized in sys/kern/uipc_syscalls.c
Hello, clang reports (from a recent -current) a use uninitialized in doaccept in sys/kern/uipc_syscalls.c. If isdnssocket fails, this results in a goto bad where both s and headfp have not yet been initialized, conceivably resulting in undefined effects. Regards Mark === RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v retrieving revision 1.123 diff -u -p -r1.123 uipc_syscalls.c --- kern/uipc_syscalls.c1 Nov 2015 19:03:33 - 1.123 +++ kern/uipc_syscalls.c8 Nov 2015 22:30:12 - @@ -240,13 +240,13 @@ doaccept(struct proc *p, int sock, struc return (error); if ((error = getsock(p, sock, &fp)) != 0) return (error); + s = splsoftnet(); + headfp = fp; + head = fp->f_data; if (isdnssocket((struct socket *)fp->f_data)) { error = EINVAL; goto bad; } - headfp = fp; - s = splsoftnet(); - head = fp->f_data; redo: if ((head->so_options & SO_ACCEPTCONN) == 0) { error = EINVAL;
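Review bot: the isdnssocket() test still passes `(struct socket *)fp->f_data` although `head = fp->f_data` is now assigned on the line just above it; passing `head` would drop the cast and make the dependency on the moved lines explicit. With `s = splsoftnet()` now taken before the check, the `goto bad` path runs at raised spl, so confirm that the code at `bad:` (outside this hunk) restores the level from `s` and releases `headfp` exactly once.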
Potential free uninitialized pointer in kern_ktrace.c
Hello, reading through the compiler warnings I believe there is a potential issue in /usr/src/sys/kern/kern_ktrace.c. At first glance it appears to free an uninitialized pointer memp. Regards

int
ktruser(struct proc *p, const char *id, const void *addr, size_t len)
{
	struct ktr_header kth;
	struct ktr_user ktp;
	int error;
	//uninitialized
	void *memp;
#define STK_PARAMS 128
	long long stkbuf[STK_PARAMS / sizeof(long long)];

	if (!KTRPOINT(p, KTR_USER))
		return (0);
	if (len > KTR_USER_MAXLEN)
		return (EINVAL);

	atomic_setbits_int(&p->p_flag, P_INKTR);
	ktrinitheader(&kth, p, KTR_USER);
	memset(ktp.ktr_id, 0, KTR_USER_MAXIDLEN);
	error = copyinstr(id, ktp.ktr_id, KTR_USER_MAXIDLEN, NULL);
	//if error then skip setting memp
	if (error)
		goto out;

	if (len > sizeof(stkbuf))
		memp = malloc(len, M_TEMP, M_WAITOK);
	else
		memp = stkbuf;
	error = copyin(addr, memp, len);
	if (error)
		goto out;
	ktrwrite2(p, &kth, &ktp, sizeof(ktp), memp, len);
out:
	// frees the uninitialized pointer
	if (memp != stkbuf)
		free(memp, M_TEMP, len);
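The error path from the kern_ktrace.c report above, modelled in userland C as an added example (not code from the post or from OpenBSD): memp gets a defined value before the first goto out, so the cleanup only frees a buffer that was actually allocated. record_user, fake_copyinstr, fake_copyin, MAX_LEN and live_allocs are hypothetical names, and initializing memp up front is one possible fix assumed here, not necessarily the one the project adopted.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STK_PARAMS 128
#define MAX_LEN 2048	/* constructed limit standing in for KTR_USER_MAXLEN */
static int live_allocs;	/* heap buffers currently held by record_user() */
/* Hypothetical stand-ins for copyinstr()/copyin(): a NULL source faults. */
static int fake_copyinstr(const char *src, char *dst, size_t max)
{
	if (src == NULL)
		return (EFAULT);
	snprintf(dst, max, "%s", src);
	return (0);
}
static int fake_copyin(const void *src, void *dst, size_t len)
{
	if (src == NULL)
		return (EFAULT);
	memcpy(dst, src, len);
	return (0);
}

int record_user(const char *id, const void *addr, size_t len)
{
	char idbuf[20];
	long long stkbuf[STK_PARAMS / sizeof(long long)];
	void *memp = stkbuf;	/* defined before the first "goto out" */
	int error;

	if (len > MAX_LEN)
		return (EINVAL);
	error = fake_copyinstr(id, idbuf, sizeof(idbuf));
	if (error)
		goto out;	/* memp == stkbuf: cleanup frees nothing */
	if (len > sizeof(stkbuf)) {
		if ((memp = malloc(len)) == NULL)
			return (ENOMEM);
		live_allocs++;
	}
	error = fake_copyin(addr, memp, len);
out:
	if (memp != stkbuf) {
		free(memp);
		live_allocs--;
	}
	return (error);
}
```

Building with clang or gcc and -Wall flags the original pattern at compile time, which is how the report above was found.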