Date:      Tue, 02 Apr 2024 11:49:40 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 278128] Use of uninitialized memory in libcam
Message-ID:  <bug-278128-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278128

            Bug ID: 278128
           Summary: Use of uninitialized memory in libcam
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: pen@lysator.liu.se

While running valgrind on a small tool I noticed a warning/problem it detected
in /usr/src/lib/libcam/camlib.c (cam_open_device->cam_lookup_pass->ioctl):

==61793== Memcheck, a memory error detector
==61793== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==61793== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==61793== Command: ./drvlist -v
==61793==
==61793== Syscall param ioctl(generic) points to uninitialised byte(s)
==61793==    at 0x4A0536A: ioctl (in /lib/libc.so.7)
==61793==    by 0x206977: cam_lookup_pass (camlib.c:450)
==61793==    by 0x206882: cam_open_device (camlib.c:266)
==61793==    by 0x204D84: do_device (drvlist.c:398)
==61793==    by 0x2059A3: main (drvlist.c:604)
==61793==  Address 0x1ffbffee10 is on thread 1's stack
==61793==  in frame #1, created by cam_lookup_pass (camlib.c:421)
==61793==  Uninitialised value was created by a stack allocation
==61793==    at 0x2068A4: cam_lookup_pass (camlib.c:421)

The problem is that cam_lookup_pass() doesn't fully initialize the ccb struct
before calling ioctl(). Probably not a big issue, but to get rid of that
warning a simple memset(&ccb, 0, sizeof(ccb)) before the code that initializes
it is needed.

--
You are receiving this mail because:
You are the assignee for the bug.
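The check behind the suggested fix, as an added example that is not part of the report or of libcam: a constructed stand-in struct (not the real union ccb; all field names are hypothetical) is initialised field by field, as the report describes, and then with a memset() first; a two-pattern comparison shows how many bytes each initialiser leaves untouched, which is what Valgrind flags when the object is handed to ioctl().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a CAM ccb (not the real union ccb): narrow fields
 * before wider ones, so the compiler inserts padding bytes. */
struct fake_ccb {
    uint8_t  func_code;    /* padding follows */
    uint32_t path_id;
    uint16_t target_id;    /* padding follows */
    uint64_t flags;
    char     dev_name[16];
    uint32_t unit_number;  /* trailing padding follows */
};

/* The pattern the report describes: every named field is assigned, but the
 * padding bytes and the unused tail of dev_name keep whatever the stack held. */
static void init_fieldwise(struct fake_ccb *ccb, const char *name, uint32_t unit)
{
    ccb->func_code = 1;
    ccb->path_id = 0;
    ccb->target_id = 0;
    ccb->flags = 0;
    snprintf(ccb->dev_name, sizeof ccb->dev_name, "%s", name);
    ccb->unit_number = unit;
}

/* The suggested fix: zero the whole object first, then fill in the fields. */
static void init_zeroed(struct fake_ccb *ccb, const char *name, uint32_t unit)
{
    memset(ccb, 0, sizeof *ccb);
    init_fieldwise(ccb, name, unit);
}

/* Run an initialiser on two objects pre-filled with different byte patterns.
 * Any byte that still differs afterwards was never written by the initialiser,
 * which is what Valgrind reports when such an object is handed to ioctl(). */
static size_t count_uninitialised_bytes(
    void (*init)(struct fake_ccb *, const char *, uint32_t))
{
    struct fake_ccb a, b;
    const unsigned char *pa = (const unsigned char *)&a, *pb = (const unsigned char *)&b;
    size_t i, n = 0;
    memset(&a, 0xAA, sizeof a);
    memset(&b, 0x55, sizeof b);
    init(&a, "pass", 0);
    init(&b, "pass", 0);
    for (i = 0; i < sizeof a; i++)
        n += (pa[i] != pb[i]);
    return n;
}
```

The same two-pattern comparison works on any struct handed to the kernel, so it can be added to a unit test to catch a regression of this kind without running Valgrind.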


