Date:      Tue, 23 Apr 2024 10:24:08 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 278546] fdevname_r: pass partially uninitialized memory to kernel
Message-ID:  <bug-278546-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278546

            Bug ID: 278546
           Summary: fdevname_r: pass partially uninitialized memory to
                    kernel
           Product: Base System
           Version: 14.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: rozhuk.im@gmail.com

Created attachment 250173
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=250173&action=edit
patch

valgrind:

==55093== Syscall param ioctl(generic) points to uninitialised byte(s)
==55093==    at 0x860342A: ioctl (in /lib/libc.so.7)
==55093==    by 0x855D1B6: fdevname_r (in /lib/libc.so.7)
==55093==    by 0x863842C: ptsname (in /lib/libc.so.7)
==55093==    by 0x76DCBD2: openpty (in /lib/libutil.so.9)
==55093==    by 0x76DCC93: forkpty (in /lib/libutil.so.9)
==55093==    by 0x7E9F8B4: UnixProcessImpl::Execute(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, IProcessCallback*) (CodeLite/unixprocess_impl.cpp:312)
==55093==    by 0x7D1F4CA: CreateAsyncProcess(wxEvtHandler*, wxArrayString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:274)
==55093==    by 0x7D20BA0: CreateAsyncProcess(wxEvtHandler*, wxString const&, unsigned long, wxString const&, std::__1::vector<std::__1::pair<wxString, wxString>, std::__1::allocator<std::__1::pair<wxString, wxString> > > const*, wxString const&) (CodeLite/asyncprocess.cpp:282)
==55093==    by 0x1495BE1E: GitPlugin::AsyncRunGit(wxEvtHandler*, wxString const&, unsigned long, wxString const&, bool) (git/git.cpp:2961)
==55093==    by 0x149587CF: GitPlugin::ProcessGitActionQueue() (git/git.cpp:1274)
==55093==    by 0x149569E2: GitPlugin::DoSetRepoPath(wxString const&) (git/git.cpp:496)
==55093==    by 0x1494509D: GitPlugin::OnWorkspaceLoaded(clWorkspaceEvent&) (git/git.cpp:1013)
==55093==  Address 0x1ffbffcfc4 is on thread 1's stack
==55093==  in frame #1, created by fdevname_r (???:)
==55093==  Uninitialised value was created by a stack allocation
==55093==    at 0x855D180: fdevname_r (in /lib/libc.so.7)
==55093==


struct fiodgname_arg {
        int     len;
        void    *buf;
};
#define FIODGNAME       _IOW('f', 120, struct fiodgname_arg) /* get dev. name */

char *
fdevname_r(int fd, char *buf, int len)
{
        struct fiodgname_arg fgn;

        fgn.buf = buf;
        fgn.len = len;

        if (_ioctl(fd, FIODGNAME, &fgn) == -1)
                return (NULL);
        return (buf);
}

memory pad between len and buf is uninitialized.

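Added example, not part of the original report or its attached patch: a stand-alone C program that measures the hole between len and buf and compares the field-by-field setup from the fdevname_r() quoted above with zeroing the struct first. POISON, the helper names and the 64-byte name buffer are constructed for illustration; no ioctl is issued, the struct bytes are only inspected in user space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct fiodgname_arg {	/* same layout as the struct quoted in the report */
	int	len;
	void	*buf;
};
#define POISON	0xA5	/* constructed stand-in for stale stack contents */

/* Start and length of the compiler-inserted hole between len and buf. */
static size_t pad_off(void) { return offsetof(struct fiodgname_arg, len) + sizeof(int); }
static size_t pad_len(void) { return offsetof(struct fiodgname_arg, buf) - pad_off(); }

/* Field-by-field setup, as in the fdevname_r() shown in the report. */
static void fill_fields_only(struct fiodgname_arg *fgn, char *buf, int len)
{
	fgn->buf = buf;
	fgn->len = len;
}

/* Hardened setup: clear the whole object, hole included, then set fields. */
static void fill_zeroed(struct fiodgname_arg *fgn, char *buf, int len)
{
	memset(fgn, 0, sizeof(*fgn));
	fgn->buf = buf;
	fgn->len = len;
}

/* Count hole bytes still holding POISON after the given setup routine. */
static size_t stale_pad_bytes(void (*fill)(struct fiodgname_arg *, char *, int))
{
	unsigned char raw[sizeof(struct fiodgname_arg)];
	struct fiodgname_arg fgn;
	char name[64];
	size_t i, stale = 0;

	memset(&fgn, POISON, sizeof(fgn));	/* simulate a dirty stack slot */
	fill(&fgn, name, (int)sizeof(name));
	memcpy(raw, &fgn, sizeof(raw));	/* bytes a copy-in of the argument would read */
	for (i = pad_off(); i < pad_off() + pad_len(); i++)
		stale += (raw[i] == POISON);
	return (stale);
}

int main(void)
{
	printf("hole=%zu stale(field-only)=%zu stale(zeroed)=%zu\n", pad_len(),
	    stale_pad_bytes(fill_fields_only), stale_pad_bytes(fill_zeroed));
	return (0);
}
```

On LP64 targets such as amd64 the hole is 4 bytes; on ILP32 targets it is 0 bytes and both counts are 0.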