Date: Tue, 1 Sep 1998 20:01:58 +0200 From: axl@iafrica.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7799: kbdcontrol uses uninitialized variable Message-ID: <E0zDukg-0004Fm-00@axl.training.iafrica.com>
next in thread | raw e-mail | index | archive | help
>Number: 7799
>Category: bin
>Synopsis: kbdcontrol uses uninitialized variable
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 1 11:10:00 PDT 1998
>Last-Modified:
>Originator: Sheldon Hearn
>Organization:
UUNET Internet Africa
>Release: FreeBSD 2.2.7-STABLE i386
>Environment:
FreeBSD 2.2.7-STABLE as of 28 August 1998
>Description:
When kbdcontrol is used to set keyrates, it passes an
unititialized variable as an argument to ioctl(). Mostly,
this is no problem, but under certain conditions that are
difficult to describe accurately, this will cause the call
to ioctl() to return EINVAL.
>How-To-Repeat:
Because of the nature of the fault, I can't think of a way
to reproduce this outside of my own environment. However,
I've attached gdb output from an environment in which the
error does not occur, followed by gdb output from an
environment conducive to reproducing this error.
-------- NO PROBLEM:
Script started on Tue Sep 1 19:02:32 1998
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1
Breakpoint 1, set_keyrates (opt=0xefbfddc1 "fast") at kbdcontrol.c:814
814 if (!strcmp(opt, "slow"))
(gdb) next
816 else if (!strcmp(opt, "normal"))
(gdb) next
818 else if (!strcmp(opt, "fast"))
(gdb) next
819 rate.del = rate.rep = 0;
(gdb) next
845 if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = 0}
(gdb) next
847 }
(gdb) quit
The program is running. Quit anyway (and kill it)? (y or n) y
Script done on Tue Sep 1 19:03:21 1998
-------- PROBLEM:
Script started on Tue Sep 1 18:59:38 1998
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1
Breakpoint 1, set_keyrates (opt=0xefbfdd35 "fast") at kbdcontrol.c:814
814 if (!strcmp(opt, "slow"))
(gdb) next
816 else if (!strcmp(opt, "normal"))
(gdb) next
818 else if (!strcmp(opt, "fast"))
(gdb) next
819 rate.del = rate.rep = 0;
(gdb) next
845 if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = -1}
(gdb) next
846 warn("setting keyboard rate");
(gdb) next
kbdcontrol: setting keyboard rate: Invalid argument
847 }
(gdb) quit
The program is running. Quit anyway (and kill it)? (y or n) y
Script done on Tue Sep 1 19:01:00 1998
>Fix:
The following patch ensures that variable passed as an
argument to ioctl() is always initialized.
--- src/usr.sbin/kbdcontrol/kbdcontrol.c.orig Fri Aug 28 16:54:53 1998
+++ src/usr.sbin/kbdcontrol/kbdcontrol.c Tue Sep 1 19:09:30 1998
@@ -842,6 +842,7 @@
rate.rep = n;
}
+ rate.pad = 0;
if (ioctl(0, KDSETRAD, rate) < 0)
warn("setting keyboard rate");
}
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0zDukg-0004Fm-00>