osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 0
Code Issues Releases Wiki Activity

osmo_io: Init struct msghdr to zero 

Avoid uninitialized read, found with valgrind

Syscall param recvmsg(msg) points to uninitialised byte(s)
   at 0x49FD865: __recvmsg_syscall (recvmsg.c:27)
   by 0x49FD865: recvmsg (recvmsg.c:41)
   by 0x4891FAE: iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:66)
   by 0x48921B2: iofd_poll_ofd_cb_dispatch (osmo_io_poll.c:119)
   by 0x48941F1: poll_disp_fds (select.c:419)
   by 0x4894299: _osmo_select_main (select.c:457)
   by 0x4894304: osmo_select_main (select.c:496)
   by 0x10DC3E: test_segm_ipa_stream_srv_run (stream_test.c:628)
   by 0x10E2A5: main (stream_test.c:879)
 Address 0x1ffefffa68 is on thread 1's stack
 in frame #1, created by iofd_poll_ofd_cb_recvmsg_sendmsg (osmo_io_poll.c:45)

Change-Id: I21114ad57784126cfdeb4a932ed44dbf23946fbe
This commit is contained in:
Daniel Willmann 2023-09-05 14:11:55 +02:00
parent 15b76f068d
commit 435856be51
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/core/osmo_io_poll.c
View File

@ -58,10 +58,12 @@ static void iofd_poll_ofd_cb_recvmsg_sendmsg(struct osmo_fd *ofd, unsigned int w
hdr.msg = msg;
hdr.iov[0].iov_base = msg->tail;
hdr.iov[0].iov_len = msgb_tailroom(msg);
hdr.hdr.msg_iov = &hdr.iov[0];
hdr.hdr.msg_iovlen = 1;
hdr.hdr.msg_name = &hdr.osa.u.sa;
hdr.hdr.msg_namelen = sizeof(struct osmo_sockaddr);
hdr.hdr = (struct msghdr) {
.msg_iov = &hdr.iov[0],
.msg_iovlen = 1,
.msg_name = &hdr.osa.u.sa,
.msg_namelen = sizeof(struct osmo_sockaddr),
};
rc = recvmsg(ofd->fd, &hdr.hdr, flags);
if (rc > 0)