From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 196194] New: Read/branch on uninitialized stat structure leftover from 4.4BSD-lite
Date: Mon, 22 Dec 2014 15:12:26 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196194

Bug ID: 196194
Summary: Read/branch on uninitialized stat structure leftover from 4.4BSD-lite
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs@FreeBSD.org
Reporter: areiter@veracode.com

In the usr.bin/hexdump source directory, there is code for the hexdump tool and the od tool (I think that's it). In quickly looking at code that seems to only be used in od, I found this oddball that seems to have gotten through compilers since the 4.4BSD-lite import:

    void
    doskip(const char *fname, int statok)
    {
        int cnt;
        struct stat sb;

        if (statok) {
            if (fstat(fileno(stdin), &sb))
                err(1, "%s", fname);
            if (S_ISREG(sb.st_mode) && skip >= sb.st_size) {
                address += sb.st_size;
                skip -= sb.st_size;
                return;
            }
        }
        if (S_ISREG(sb.st_mode)) {
            if (fseeko(stdin, skip, SEEK_SET))
                err(1, "%s", fname);
            address += skip;
            skip = 0;
        } else {
            for (cnt = 0; cnt < skip; ++cnt)
                if (getchar() == EOF)
                    break;
            address += cnt;
            skip -= cnt;
        }
    }

The code is reading and branching on initialized 'struct stat sb' structure.

I looked briefly to see what the appropriate fix was, but sadly, I have been busy with some other work and was unable to come up with a suitable patch :-( I apologize for this! If no one will work on it, I will do something slowly over the holidays.
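
An added example, not part of the original report and not FreeBSD's fix: one way to structure the skip logic so that `sb` is read only after `fstat()` has filled it in. The names `skip_input`, `is_reg` and `demo` are hypothetical; the globals `skip` and `address` of the quoted code are passed as pointers here, and `demo` runs on a constructed 10-byte temporary file.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>

/* Added example, not the FreeBSD code: sb is consulted only after fstat() ran. */
int
skip_input(FILE *fp, int statok, off_t *skip, off_t *address)
{
	struct stat sb;
	int is_reg = 0;		/* set only by a successful fstat() */
	off_t cnt;

	if (statok) {
		if (fstat(fileno(fp), &sb) != 0)
			return (-1);
		is_reg = S_ISREG(sb.st_mode);
		if (is_reg && *skip >= sb.st_size) {
			*address += sb.st_size;	/* skip the whole file */
			*skip -= sb.st_size;
			return (0);
		}
	}
	if (is_reg) {
		if (fseeko(fp, *skip, SEEK_SET) != 0)
			return (-1);
		*address += *skip;
		*skip = 0;
	} else {		/* unknown or non-regular input: read and discard */
		for (cnt = 0; cnt < *skip; ++cnt)
			if (getc(fp) == EOF)
				break;
		*address += cnt;
		*skip -= cnt;
	}
	return (0);
}

/* Constructed input: 10-byte temp file. Returns skip left over; *next = next byte. */
off_t
demo(int statok, off_t skip, int *next)
{
	FILE *fp = tmpfile();
	off_t address = 0;
	if (fp == NULL)
		return (-1);
	fputs("0123456789", fp);
	rewind(fp);
	if (skip_input(fp, statok, &skip, &address) != 0)
		skip = -1;
	*next = getc(fp);
	fclose(fp);
	return (skip);
}
```

With `statok == 0` the function never looks at `sb` and takes the read-and-discard path, which is the branch the quoted code reaches only by chance depending on what the stack held.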