Actions
Bug #5592
closedE1 pcap: Syscall param write(buf) points to uninitialised byte(s)
Start date:
06/26/2022
Due date:
% Done:
100%
Spec Reference:
Description
I just happened to notice this running osmo-bsc under valgrind.
==20097== Syscall param write(buf) points to uninitialised byte(s) ==20097== at 0x4E48471: write (write.c:26) ==20097== by 0x4DA8DE9: osmo_pcap_lapd_write (lapd_pcap.c:168) ==20097== by 0x4DA8433: send_ph_data_req (lapd.c:628) ==20097== by 0x4C94F5C: lapd_send_rej (lapd_core.c:536) ==20097== by 0x4C9A08A: lapd_rx_i (lapd_core.c:1574) ==20097== by 0x4C9AA8F: lapd_ph_data_ind (lapd_core.c:1708) ==20097== by 0x4DA7C55: lapd_receive (lapd.c:496) ==20097== by 0x4D96B2C: e1inp_rx_ts_lapd (e1_input.c:778) ==20097== by 0x4D9C97C: handle_ts_sign_read (e1d.c:78) ==20097== by 0x4D9D908: e1d_fd_cb (e1d.c:281) ==20097== by 0x4D1281B: poll_disp_fds (select.c:361) ==20097== by 0x4D12928: _osmo_select_main (select.c:399) ==20097== Address 0x1ffefffed7 is on thread 1's stack ==20097== in frame #1, created by osmo_pcap_lapd_write (lapd_pcap.c:129) ==20097==
Updated by laforge almost 2 years ago
- Project changed from OsmoBSC to libosmo-abis
- Status changed from New to In Progress
- Assignee set to laforge
- % Done changed from 0 to 80
ok, the problem is that we don't zero-initialize the struct pcap_rechdr + pcap_lapdhdr before memcpy'ing them to buf, before we call write.
The whole idea of first filling the two structs on the stack, and then copying them to another buffer on the stack is somehow weird. Let's just create a combined struct on the stack and then fill that one directly.
See https://gerrit.osmocom.org/c/libosmo-abis/+/28413 (untested)
Updated by laforge almost 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
Applied in changeset libosmo-abis|dcbc00d0c4fb3ddbcc4ef964f03da093e3b0af04.
Actions
