[Bug 278128] Use of uninitialized memory in libcam
Date: Tue, 02 Apr 2024 11:49:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278128
Bug ID: 278128
Summary: Use of uninitialized memory in libcam
Product: Base System
Version: 13.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: misc
Assignee: bugs@FreeBSD.org
Reporter: pen@lysator.liu.se
While running valgrind on a small tool I noticed a warning/problem it detected
in /usr/src/lib/libcam/camlib.c (cam_open_device->cam_lookup_pass->ioctl):
==61793== Memcheck, a memory error detector
==61793== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==61793== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==61793== Command: ./drvlist -v
==61793==
==61793== Syscall param ioctl(generic) points to uninitialised byte(s)
==61793== at 0x4A0536A: ioctl (in /lib/libc.so.7)
==61793== by 0x206977: cam_lookup_pass (camlib.c:450)
==61793== by 0x206882: cam_open_device (camlib.c:266)
==61793== by 0x204D84: do_device (drvlist.c:398)
==61793== by 0x2059A3: main (drvlist.c:604)
==61793== Address 0x1ffbffee10 is on thread 1's stack
==61793== in frame #1, created by cam_lookup_pass (camlib.c:421)
==61793== Uninitialised value was created by a stack allocation
==61793== at 0x2068A4: cam_lookup_pass (camlib.c:421)
The problem is that cam_lookup_pass() doesn't fully initialize the ccb struct
before calling ioctl(). Probably not a big issue, but to get rid of that
warning a simple memset(&ccb, 0, sizeof(ccb)) before the code that initialize
it is needed.
--
You are receiving this mail because:
You are the assignee for the bug.