Date: Mon, 22 Dec 2014 15:12:26 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 196194] New: Read/branch on uninitialized stat structure leftover from 4.4BSD-lite
Message-ID: <bug-196194-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196194

            Bug ID: 196194
           Summary: Read/branch on uninitialized stat structure leftover
                    from 4.4BSD-lite
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: areiter@veracode.com

In the usr.bin/hexdump source directory, there is code for the hexdump tool and the od tool (I think that's it). In quickly looking at code that seems to only be used in od, I found this oddball that seems to have gotten through compilers since the 4.4BSD lite import:

    void
    doskip(const char *fname, int statok)
    {
    	int cnt;
    	struct stat sb;

    	if (statok) {
    		if (fstat(fileno(stdin), &sb))
    			err(1, "%s", fname);
    		if (S_ISREG(sb.st_mode) && skip >= sb.st_size) {
    			address += sb.st_size;
    			skip -= sb.st_size;
    			return;
    		}
    	}
    	/* sb has not been filled in when statok == 0 */
    	if (S_ISREG(sb.st_mode)) {
    		if (fseeko(stdin, skip, SEEK_SET))
    			err(1, "%s", fname);
    		address += skip;
    		skip = 0;
    	} else {
    		for (cnt = 0; cnt < skip; ++cnt)
    			if (getchar() == EOF)
    				break;
    		address += cnt;
    		skip -= cnt;
    	}
    }

The code is reading and branching on an uninitialized 'struct stat sb' structure. I looked briefly to see what the appropriate fix was, but sadly, I have been busy with some other work and was unable to come up with a suitable patch :-( I apologize for this! If no one will work on it, I will do something slowly over the holidays.

-- 
You are receiving this mail because:
You are the assignee for the bug.
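As an added illustration (not the reporter's code and not a FreeBSD commit), here is one way to restructure doskip() so that `sb` is only consulted after fstat() has actually filled it: a local `isreg` flag stays 0 unless fstat() succeeded and reported a regular file, so the statok == 0 path always falls through to the byte-by-byte loop. The assumed `doskip_fixed()` takes the stream and od's `skip`/`address` globals as parameters and returns -1 instead of calling err(), purely so it can be exercised on a constructed temporary file; `make_sample_file()` is a helper that builds that input.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <stdio.h>

/* Reworked doskip(): sb is read only after fstat() filled it; with statok == 0
 * the stream is treated as non-seekable.  err(1, ...) becomes a -1 return and
 * od's globals skip/address become parameters so it can be tested alone. */
static int
doskip_fixed(FILE *fp, int statok, off_t *skip, off_t *address)
{
	struct stat sb;
	int isreg = 0;	/* set only after a successful fstat() */
	off_t cnt;

	if (statok) {
		if (fstat(fileno(fp), &sb) != 0)
			return (-1);
		isreg = S_ISREG(sb.st_mode);
		if (isreg && *skip >= sb.st_size) {	/* skip the whole file */
			*address += sb.st_size;
			*skip -= sb.st_size;
			return (0);
		}
	}
	if (isreg) {
		if (fseeko(fp, *skip, SEEK_SET) != 0)
			return (-1);
		*address += *skip;
		*skip = 0;
	} else {
		for (cnt = 0; cnt < *skip; ++cnt)
			if (getc(fp) == EOF)
				break;
		*address += cnt;
		*skip -= cnt;
	}
	return (0);
}

/* Constructed sample input: a temp file holding 'A' + (i % 26) for i < size. */
static FILE *
make_sample_file(int size)
{
	FILE *fp = tmpfile();
	int i;
	if (fp == NULL)
		return (NULL);
	for (i = 0; i < size; i++)
		putc('A' + (i % 26), fp);
	rewind(fp);
	return (fp);
}
```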