daniel submitted this change.
osmo_io: Init struct msghdr to zero
Avoid uninitialized read, found with valgrind
Syscall param recvmsg(msg) points to uninitialised byte(s)
at 0x49FD865: __recvmsg_syscall (recvmsg.c:27)
by 0x49FD865: recvmsg (recvmsg.c:41)
by 0x4891FAE: iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:66)
by 0x48921B2: iofd_poll_ofd_cb_dispatch (osmo_io_poll.c:119)
by 0x48941F1: poll_disp_fds (select.c:419)
by 0x4894299: _osmo_select_main (select.c:457)
by 0x4894304: osmo_select_main (select.c:496)
by 0x10DC3E: test_segm_ipa_stream_srv_run (stream_test.c:628)
by 0x10E2A5: main (stream_test.c:879)
Address 0x1ffefffa68 is on thread 1's stack
in frame #1, created by iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:45)
Change-Id: I21114ad57784126cfdeb4a932ed44dbf23946fbe
---
M src/core/osmo_io_poll.c
1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/src/core/osmo_io_poll.c b/src/core/osmo_io_poll.c
index c230188..d207047 100644
--- a/src/core/osmo_io_poll.c
+++ b/src/core/osmo_io_poll.c
@@ -58,10 +58,12 @@
hdr.msg = msg;
hdr.iov[0].iov_base = msg->tail;
hdr.iov[0].iov_len = msgb_tailroom(msg);
- hdr.hdr.msg_iov = &hdr.iov[0];
- hdr.hdr.msg_iovlen = 1;
- hdr.hdr.msg_name = &hdr.osa.u.sa;
- hdr.hdr.msg_namelen = sizeof(struct osmo_sockaddr);
+ hdr.hdr = (struct msghdr) {
+ .msg_iov = &hdr.iov[0],
+ .msg_iovlen = 1,
+ .msg_name = &hdr.osa.u.sa,
+ .msg_namelen = sizeof(struct osmo_sockaddr),
+ };
rc = recvmsg(ofd->fd, &hdr.hdr, flags);
if (rc > 0)
To view, visit change 34337. To unsubscribe, or for help writing mail filters, visit settings.