Date: Mon, 04 Jul 2016 21:27:44 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 210829] databases/db5: db-5.3.28/src/heap/heap_verify.c can pass __os_free(dbp->env, offsets) an uninitialized offsets value (a bad pointer)
Message-ID: <bug-210829-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210829

    Bug ID: 210829
    Summary: databases/db5: db-5.3.28/src/heap/heap_verify.c can pass __os_free(dbp->env, offsets) an uninitialized offsets value (a bad pointer)
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Only Me
    Priority: ---
    Component: Individual Port(s)
    Assignee: mandree@FreeBSD.org
    Reporter: markmi@dsl-only.net
    Flags: maintainer-feedback?(mandree@FreeBSD.org)

db-5.3.28/src/heap/heap_verify.c has code of the structure:

    int
    __heap_vrfy(dbp, vdp, h, pgno, flags)
            DB *dbp;
            VRFY_DBINFO *vdp;
            PAGE *h;
            db_pgno_t pgno;
            u_int32_t flags;
    {
            HEAPHDR *hdr;
            int cnt, i, j, ret;
            db_indx_t *offsets, *offtbl, end;

            if ((ret = __db_vrfy_datapage(dbp, vdp, h, pgno, flags)) != 0)
                    goto err;
    . . .
    err:    __os_free(dbp->env, offsets);
            return (ret);
    }

If the listed goto is executed then __os_free is passed an uninitialized
offsets value (a junk pointer).

This was reported by the compiler used to build databases/db5.

-- 
You are receiving this mail because:
You are the assignee for the bug.
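
The control-flow shape described in the report, next to one common way to close it, as an added example (not code from the report or from Berkeley DB). The names `tracked_free`, `check_page`, `verify_buggy` and `verify_fixed` are hypothetical stand-ins, and the `NULL` guard at the cleanup label is there so the example assumes nothing about how the real release routine treats `NULL`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the release routine; counts calls for checking. */
static int free_calls;
static void tracked_free(void *p) { free_calls++; free(p); }

/* Hypothetical stand-in for the first check that can fail. */
static int check_page(int page_ok) { return page_ok ? 0 : -1; }

#ifdef SHOW_BUG
/* Same shape as the report: 'offsets' is indeterminate when the first goto
 * runs, so the cleanup label releases a junk pointer (undefined behaviour).
 * Not compiled unless SHOW_BUG is defined. */
int verify_buggy(int page_ok, size_t n)
{
	unsigned short *offsets;
	int ret;

	if ((ret = check_page(page_ok)) != 0)
		goto err;
	if ((offsets = calloc(n, sizeof(*offsets))) == NULL)
		ret = -1;
err:	tracked_free(offsets);
	return (ret);
}
#endif

/* Corrected shape: the pointer has a defined value on every path to err. */
int verify_fixed(int page_ok, size_t n)
{
	unsigned short *offsets = NULL;
	int ret;

	if ((ret = check_page(page_ok)) != 0)
		goto err;		/* offsets is still NULL here */
	if ((offsets = calloc(n, sizeof(*offsets))) == NULL)
		ret = -1;
	/* ... checks that fill and read offsets would go here ... */
err:	if (offsets != NULL)
		tracked_free(offsets);
	return (ret);
}

int main(void)
{
	int r = verify_fixed(0, 8);	/* early-failure path */
	printf("early failure: ret=%d releases=%d\n", r, free_calls);
	return 0;
}
```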