From owner-freebsd-bugs  Tue Sep  1 11:10:07 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA26528
          for freebsd-bugs-outgoing; Tue, 1 Sep 1998 11:10:07 -0700 (PDT)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA26520
          for <freebsd-bugs@FreeBSD.org>; Tue, 1 Sep 1998 11:10:06 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id LAA12337;
	Tue, 1 Sep 1998 11:10:00 -0700 (PDT)
Received: from axl.training.iafrica.com (axl.training.iafrica.com [196.31.1.175])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA25490
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 1 Sep 1998 11:06:18 -0700 (PDT)
          (envelope-from sheldonh@axl.training.iafrica.com)
Received: from sheldonh by axl.training.iafrica.com with local (Exim 1.92 #1)
	for FreeBSD-gnats-submit@freebsd.org
	id 0zDukg-0004Fm-00; Tue, 1 Sep 1998 20:01:58 +0200
Message-Id: <E0zDukg-0004Fm-00@axl.training.iafrica.com>
Date: Tue, 1 Sep 1998 20:01:58 +0200
From: axl@iafrica.com
Reply-To: axl@iafrica.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/7799: kbdcontrol uses uninitialized variable
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         7799
>Category:       bin
>Synopsis:       kbdcontrol uses uninitialized variable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep  1 11:10:00 PDT 1998
>Last-Modified:
>Originator:     Sheldon Hearn
>Organization:
UUNET Internet Africa
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:

	FreeBSD 2.2.7-STABLE as of 28 August 1998

>Description:

	When kbdcontrol is used to set keyrates, it passes an
	unititialized variable as an argument to ioctl(). Mostly,
	this is no problem, but under certain conditions that are
	difficult to describe accurately, this will cause the call
	to ioctl() to return EINVAL.

>How-To-Repeat:

	Because of the nature of the fault, I can't think of a way
	to reproduce  this outside of my own environment. However,
	I've attached gdb output from an environment in which the
	error does not occur, followed by gdb output from an
	environment conducive to reproducing this error.

-------- NO PROBLEM:
Script started on Tue Sep  1 19:02:32 1998
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1

Breakpoint 1, set_keyrates (opt=0xefbfddc1 "fast") at kbdcontrol.c:814
814		if (!strcmp(opt, "slow"))
(gdb) next
816		else if (!strcmp(opt, "normal"))
(gdb) next
818		else if (!strcmp(opt, "fast"))
(gdb) next
819			rate.del = rate.rep = 0;
(gdb) next
845		if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = 0}
(gdb) next
847	}
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) y

Script done on Tue Sep  1 19:03:21 1998

-------- PROBLEM:
Script started on Tue Sep  1 18:59:38 1998
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1

Breakpoint 1, set_keyrates (opt=0xefbfdd35 "fast") at kbdcontrol.c:814
814		if (!strcmp(opt, "slow"))
(gdb) next
816		else if (!strcmp(opt, "normal"))
(gdb) next
818		else if (!strcmp(opt, "fast"))
(gdb) next
819			rate.del = rate.rep = 0;
(gdb) next
845		if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = -1}
(gdb) next
846			warn("setting keyboard rate");
(gdb) next
kbdcontrol: setting keyboard rate: Invalid argument
847	}
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) y

Script done on Tue Sep  1 19:01:00 1998

>Fix:
	
	The following patch ensures that variable passed as an
	argument to ioctl() is always initialized.

--- src/usr.sbin/kbdcontrol/kbdcontrol.c.orig	Fri Aug 28 16:54:53 1998
+++ src/usr.sbin/kbdcontrol/kbdcontrol.c	Tue Sep  1 19:09:30 1998
@@ -842,6 +842,7 @@
 		rate.rep = n;
 	}
 
+	rate.pad = 0;
 	if (ioctl(0, KDSETRAD, rate) < 0)
 		warn("setting keyboard rate");
 }
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message