Message ID | 20211121191337.94463-1-james.hilliard1@gmail.com
---|---
State | Accepted
Series | [1/1] network_thread: ensure ipcmsg is initialised
Hi James, On 21.11.21 20:13, James Hilliard wrote: > We need to memset ipcmsg.data as ipcmsg.data.msg does not cover the > entire ipcmsg.data structure. > > Fixes: > ==624558== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) > ==624558== at 0x487377C: __libc_send (send.c:28) > ==624558== by 0x487377C: send (send.c:23) > ==624558== by 0x12B620: write_notify_msg (network_thread.c:137) > ==624558== by 0x12B7B7: send_notify_msg (network_thread.c:166) > ==624558== by 0x12BA0E: network_notifier (network_thread.c:219) > ==624558== by 0x122305: notify (notifier.c:239) > ==624558== by 0x12CAF3: network_thread (network_thread.c:533) > ==624558== by 0x4868608: start_thread (pthread_create.c:477) > ==624558== by 0x517D292: clone (clone.S:95) > ==624558== Address 0xa728843 is on thread 5's stack > ==624558== in frame #3, created by network_notifier (network_thread.c:177) > ==624558== Uninitialised value was created by a stack allocation > ==624558== at 0x12B7D2: network_notifier (network_thread.c:177) > ==624558== > > Signed-off-by: James Hilliard <james.hilliard1@gmail.com> > --- > core/network_thread.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/core/network_thread.c b/core/network_thread.c > index 27e8fd8..1b63690 100644 > --- a/core/network_thread.c > +++ b/core/network_thread.c > @@ -209,7 +209,7 @@ static void network_notifier(RECOVERY_STATUS status, int error, int level, const > > ipcmsg.magic = IPC_MAGIC; > ipcmsg.type = NOTIFY_STREAM; > - memset(ipcmsg.data.msg, 0, sizeof(ipcmsg.data.msg)); > + memset(&ipcmsg.data, 0, sizeof(ipcmsg.data)); > > strncpy(ipcmsg.data.notify.msg, newmsg->msg, > sizeof(ipcmsg.data.notify.msg) - 1); > Applied to -master, thanks ! Best regards, Stefano Babic
diff --git a/core/network_thread.c b/core/network_thread.c index 27e8fd8..1b63690 100644 --- a/core/network_thread.c +++ b/core/network_thread.c @@ -209,7 +209,7 @@ static void network_notifier(RECOVERY_STATUS status, int error, int level, const ipcmsg.magic = IPC_MAGIC; ipcmsg.type = NOTIFY_STREAM; - memset(ipcmsg.data.msg, 0, sizeof(ipcmsg.data.msg)); + memset(&ipcmsg.data, 0, sizeof(ipcmsg.data)); strncpy(ipcmsg.data.notify.msg, newmsg->msg, sizeof(ipcmsg.data.notify.msg) - 1);
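Review bot: the new memset zeroes only `ipcmsg.data`; if `ipcmsg` carries any member or padding bytes besides `magic`, `type` and `data`, those still go out through `send()` uninitialised, so a single `memset(&ipcmsg, 0, sizeof(ipcmsg));` before `ipcmsg.magic = IPC_MAGIC;` (or declaring it with `= { 0 }`) would close the gap for good rather than per-union. It is also worth noting in the commit message what the valgrind report actually means: bytes from the daemon's stack leaving the process over the IPC socket, which is a disclosure, not just a warning. One positive side effect of zeroing the whole union is that the final byte of `ipcmsg.data.notify.msg`, which the `strncpy(..., sizeof(...) - 1)` deliberately leaves untouched, is now guaranteed to be NUL.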
We need to memset ipcmsg.data as ipcmsg.data.msg does not cover the
entire ipcmsg.data structure.

Fixes:
==624558== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==624558==    at 0x487377C: __libc_send (send.c:28)
==624558==    by 0x487377C: send (send.c:23)
==624558==    by 0x12B620: write_notify_msg (network_thread.c:137)
==624558==    by 0x12B7B7: send_notify_msg (network_thread.c:166)
==624558==    by 0x12BA0E: network_notifier (network_thread.c:219)
==624558==    by 0x122305: notify (notifier.c:239)
==624558==    by 0x12CAF3: network_thread (network_thread.c:533)
==624558==    by 0x4868608: start_thread (pthread_create.c:477)
==624558==    by 0x517D292: clone (clone.S:95)
==624558==  Address 0xa728843 is on thread 5's stack
==624558==  in frame #3, created by network_notifier (network_thread.c:177)
==624558==  Uninitialised value was created by a stack allocation
==624558==    at 0x12B7D2: network_notifier (network_thread.c:177)
==624558==

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
 core/network_thread.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
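As an added illustration of the defect the commit message describes (not code from the patch or from the project; `struct demo_msg` is a constructed stand-in for `ipcmsg`, with a union whose largest member is bigger than `data.msg`), this C program poison-fills the message the way stale stack contents would and counts how many bytes of `data` each initialisation leaves untouched before the message would be sent:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for ipcmsg; the layout is hypothetical, chosen so that
 * data.msg (32 bytes) is smaller than the union it lives in (96 bytes). */
struct demo_msg {
    uint32_t magic;
    uint32_t type;
    union {
        char msg[32];                       /* what the old memset zeroed */
        struct {
            int  status;
            int  error;
            char msg[64];
        } notify;                           /* what is actually filled in */
        char raw[96];                       /* makes the union wider still */
    } data;
};

#define POISON 0xAA                          /* stands in for stale stack bytes */

/* Number of bytes of m->data still carrying the poison pattern, i.e. bytes
 * that would leave the process over the socket without ever being set. */
static size_t stale_bytes(const struct demo_msg *m)
{
    const unsigned char *p = (const unsigned char *)&m->data;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(m->data); i++)
        if (p[i] == POISON) n++;
    return n;
}

/* Pre-patch initialisation: only the data.msg member is cleared. */
size_t stale_after_old_init(const char *text)
{
    struct demo_msg m;
    memset(&m, POISON, sizeof(m));           /* simulate uninitialised stack */
    m.magic = 0x1234; m.type = 1;
    memset(m.data.msg, 0, sizeof(m.data.msg));
    strncpy(m.data.notify.msg, text, sizeof(m.data.notify.msg) - 1);
    return stale_bytes(&m);                  /* bytes past msg[32] stay stale */
}

/* Post-patch initialisation: the whole union is cleared. */
size_t stale_after_new_init(const char *text)
{
    struct demo_msg m;
    memset(&m, POISON, sizeof(m));
    m.magic = 0x1234; m.type = 1;
    memset(&m.data, 0, sizeof(m.data));
    strncpy(m.data.notify.msg, text, sizeof(m.data.notify.msg) - 1);
    return stale_bytes(&m);
}
```

With the old code the bytes of `data` beyond offset 70 (the untouched last byte of `notify.msg` plus the tail of the union) still hold stack garbage; with the patched code the count is zero.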