diff mbox series

[pciutils] libpci: Fix intel_sanity_check() function

Message ID 20211221204750.11169-1-pali@kernel.org
State New
Headers show
Series [pciutils] libpci: Fix intel_sanity_check() function | expand

Commit Message

Pali Rohár Dec. 21, 2021, 8:47 p.m. UTC 
Function intel_sanity_check() calls conf1_read() which access d->domain
field. But intel_sanity_check() does not initialize this field and so
conf1_read() access some random data on stack.

Tests showed that intel_sanity_check() always fails as in d->domain is
stored some non-zero number.

Fix this issue by properly initializing struct pci_dev d and explicitly set
d->domain to zero in intel_sanity_check() as sanity check is verifying PCI
devices at domain 0.
---
 lib/i386-ports.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Martin Mareš Dec. 26, 2021, 9:51 p.m. UTC | #1 
Hello!

> Function intel_sanity_check() calls conf1_read() which access d->domain
> field. But intel_sanity_check() does not initialize this field and so
> conf1_read() access some random data on stack.
> 
> Tests showed that intel_sanity_check() always fails as in d->domain is
> stored some non-zero number.
> 
> Fix this issue by properly initializing struct pci_dev d and explicitly set
> d->domain to zero in intel_sanity_check() as sanity check is verifying PCI
> devices at domain 0.

Thanks for finding the bug, but it makes little sense to initialize the fields
twice (once by memset, second time by zeroing out individual members). Just
keep the memset.

				Martin
diff mbox series

Patch

diff --git a/lib/i386-ports.c b/lib/i386-ports.c
index b3b752cb1f3f..b5e09dab6002 100644
--- a/lib/i386-ports.c
+++ b/lib/i386-ports.c
@@ -72,7 +72,9 @@  intel_sanity_check(struct pci_access *a, struct pci_methods *m)
 {
   struct pci_dev d;
 
+  memset(&d, 0, sizeof(d));
   a->debug("...sanity check");
+  d.domain = 0;
   d.bus = 0;
   d.func = 0;
   for (d.dev = 0; d.dev < 32; d.dev++)