daniel has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/34337?usp=email )
Change subject: osmo_io: Init struct msghdr to zero
osmo_io: Init struct msghdr to zero
Avoid uninitialized read, found with valgrind
Syscall param recvmsg(msg) points to uninitialised byte(s)
   at 0x49FD865: __recvmsg_syscall (recvmsg.c:27)
   by 0x49FD865: recvmsg (recvmsg.c:41)
   by 0x4891FAE: iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:66)
   by 0x48921B2: iofd_poll_ofd_cb_dispatch (osmo_io_poll.c:119)
   by 0x48941F1: poll_disp_fds (select.c:419)
   by 0x4894299: _osmo_select_main (select.c:457)
   by 0x4894304: osmo_select_main (select.c:496)
   by 0x10DC3E: test_segm_ipa_stream_srv_run (stream_test.c:628)
   by 0x10E2A5: main (stream_test.c:879)
 Address 0x1ffefffa68 is on thread 1's stack
 in frame #1, created by iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:45)
Change-Id: I21114ad57784126cfdeb4a932ed44dbf23946fbe
---
M src/core/osmo_io_poll.c
1 file changed, 30 insertions(+), 4 deletions(-)
Approvals:
  lynxis lazus: Looks good to me, approved
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
diff --git a/src/core/osmo_io_poll.c b/src/core/osmo_io_poll.c index c230188..d207047 100644 --- a/src/core/osmo_io_poll.c +++ b/src/core/osmo_io_poll.c @@ -58,10 +58,12 @@ hdr.msg = msg; hdr.iov[0].iov_base = msg->tail; hdr.iov[0].iov_len = msgb_tailroom(msg); - hdr.hdr.msg_iov = &hdr.iov[0]; - hdr.hdr.msg_iovlen = 1; - hdr.hdr.msg_name = &hdr.osa.u.sa; - hdr.hdr.msg_namelen = sizeof(struct osmo_sockaddr); + hdr.hdr = (struct msghdr) { + .msg_iov = &hdr.iov[0], + .msg_iovlen = 1, + .msg_name = &hdr.osa.u.sa, + .msg_namelen = sizeof(struct osmo_sockaddr), + };
rc = recvmsg(ofd->fd, &hdr.hdr, flags); if (rc > 0)
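Review bot: the compound literal is the right fix, but a one-line comment above it would help, because the four assignments it replaces look equivalent at a glance and the real change is in the fields that are no longer left unset. The old code never touched msg_control, msg_controllen or msg_flags, so recvmsg() read an uninitialized msg_controllen (the valgrind report above) and, with a non-zero garbage value, could have been handed a stale stack pointer as an ancillary-data buffer; zeroing those fields is what tells the kernel no control buffer is provided. Something like `/* zero-init: msg_control/msg_controllen must be 0 when no ancillary data is expected */` would make that intent explicit. The frame name iofd_poll_ofd_cb_recvmsg_sendmsg in the trace also suggests a sendmsg path in this function; if it builds its struct msghdr field by field the same way, it should get the same zero-initialization rather than relying on whatever happens to be on the stack.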