File fix_uninitialized_value.patch of Package sblim-sfcb.17479

Date: Tue Dec 13 17:51:55 CET 2016
Author: Marcus Meissner
Bug: 1015155
Summary: Fix uninitialized value reported by valgrind

*-* sfcXmlerror: syntax error, unexpected $end, expecting XTOK_XML
==1715== Conditional jump or move depends on uninitialised value(s)
==1715==    at 0x588CD82: handleCimRequest (cimRequest.c:1883)
==1715==    by 0x4E3D95A: doHttpRequest (httpAdapter.c:1399)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Conditional jump or move depends on uninitialised value(s)
==1715==    at 0x4E3A0CF: writeResponse (httpAdapter.c:635)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Use of uninitialised value of size 8
==1715==    at 0x4C2C6C2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1715==    by 0x4E3A0B4: writeResponse (httpAdapter.c:643)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==
==1715== Invalid read of size 1
==1715==    at 0x4C2C6C2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1715==    by 0x4E3A0B4: writeResponse (httpAdapter.c:643)
==1715==    by 0x4E3DA3E: doHttpRequest (httpAdapter.c:1415)
==1715==    by 0x4E3EC96: handleHttpRequest (httpAdapter.c:1741)
==1715==    by 0x4E3EC96: acceptRequest (httpAdapter.c:2022)
==1715==    by 0x4E40847: httpDaemon (httpAdapter.c:2452)
==1715==    by 0x404866: startHttpd (sfcBroker.c:540)
==1715==    by 0x4038B3: main (sfcBroker.c:1062)
==1715==  Address 0xbbf0bda8 is not stack'd, malloc'd or (recently) free'd
==1715==
==1715==

And tons of others!!! Thank you valgrind.






Index: sblim-sfcb-1.4.8/providerMgr.c
===================================================================
--- sblim-sfcb-1.4.8.orig/providerMgr.c
+++ sblim-sfcb-1.4.8/providerMgr.c
@@ -1198,7 +1198,7 @@ getProviderContext(BinRequestContext * c
   _SFCB_ENTER(TRACE_PROVIDERMGR, "getProviderContext");
 
   l = sizeof(*ohdr) + ohdr->nameSpace.length + ohdr->className.length;
-  buf = malloc(l + 8);
+  buf = calloc(1, l + 8);
 
   memcpy(buf, ohdr, sizeof(*ohdr));
   if (localMode)
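Review bot: The added `buf = calloc(1, l + 8);` is still unchecked before `memcpy(buf, ohdr, sizeof(*ohdr));` on the next line, so an allocation failure is a NULL dereference rather than an error return; a `if (!buf)` guard returning the function's failure value belongs right after the call (the return type is outside the hunk, as is the rest of getProviderContext). The same unchecked calloc pattern is in the intInvokeProvider, makeSafeResponse, prepResultBuffer, ensureClSpace, addClStringN and addClArray hunks. Switching to calloc silences the valgrind report by zeroing the whole buffer, but nothing records which bytes were the ones read uninitialised downstream, so the next reader cannot tell whether the +8 tail or a gap inside the header was the culprit; a one-line comment such as `/* calloc: the +8 tail and any gap after the copied header must be zero, see bug 1015155 */` would keep that knowledge with the code.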
@@ -1329,7 +1329,7 @@ intInvokeProvider(BinRequestContext * ct
           object[i].length);
   }
 
-  buf = malloc(l + 8);
+  buf = calloc(1, l + 8);
 
   if (ctx->noResp & 1) {
     hdr->options |= BRH_NoResp;
Index: sblim-sfcb-1.4.8/providerDrv.c
===================================================================
--- sblim-sfcb-1.4.8.orig/providerDrv.c
+++ sblim-sfcb-1.4.8/providerDrv.c
@@ -1177,7 +1177,7 @@ makeSafeResponse(BinResponseHdr* hdr, Bi
     len += (hdr->object[i].type == MSG_SEG_CHARS ? PADDED_LEN(hdr->object[i].length) : hdr->object[i].length);
   }
 
-  outHdr = malloc(len +rvl + 8);
+  outHdr = calloc(1, len +rvl + 8);
   memcpy(outHdr, hdr, size);
 
   if (rvl) {
Index: sblim-sfcb-1.4.8/result.c
===================================================================
--- sblim-sfcb-1.4.8.orig/result.c
+++ sblim-sfcb-1.4.8/result.c
@@ -91,7 +91,7 @@ prepResultBuffer(NativeResult * nr, unsi
     nr->dMax *= 2;
 
   nr->dNext = 0;
-  nr->data = malloc(nr->dMax);
+  nr->data = calloc(1, nr->dMax);
 
   nr->sMax = nr->dMax / 400;
   nr->sNext = 0;
Index: sblim-sfcb-1.4.8/cimXmlParser.c
===================================================================
--- sblim-sfcb-1.4.8.orig/cimXmlParser.c
+++ sblim-sfcb-1.4.8/cimXmlParser.c
@@ -54,7 +54,7 @@ Throw(XmlBuffer __attribute__ ((unused))
 static XmlBuffer *
 newXmlBuffer(char *s)
 {
-  XmlBuffer      *xb = malloc(sizeof(*xb));
+  XmlBuffer      *xb = calloc(1, sizeof(*xb));
   xb->base = xb->cur = (char *) strdup(s);
   xb->last = xb->cur + strlen(xb->cur);
   xb->nulledChar = 0;
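Review bot: The `strdup(s)` on the line after the changed allocation is unchecked and its result goes straight into `strlen`, so an allocation failure (or a NULL `s`) still crashes inside strlen, and `xb` itself is not checked either; since the function returns `XmlBuffer *`, `if (!xb) return NULL;` after the calloc and `if (!xb->base) { free(xb); return NULL; }` after the strdup would close both. With calloc the explicit `xb->nulledChar = 0;` is now redundant, and the `(char *)` cast on strdup is unnecessary in C. newXmlBuffer continues past the end of the hunk.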
@@ -1714,6 +1714,8 @@ scanCimXmlRequest(CimRequestContext *ctx
   ParserControl   control;
   *rc=0;
 
+  memset(&control, 0, sizeof(control));
+
   XmlBuffer      *xmb = newXmlBuffer(xmlData);
   control.xmb = xmb;
   control.reqHdr.buffer = xmb;
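Review bot: The new `memset(&control, 0, sizeof(control));` is placed two statements below the declaration, which is harder to read than initialising at the point of declaration: `ParserControl control = {0};` on the declaration line and dropping the memset gives the same zeroed object. The same applies to `args` in the __new_empty_args hunk and to `ccmsg` in the spGetMsg hunk (`= {0}` works there only if CMSG_SPACE yields a constant expression on the target platform); in both of those functions the declarations sit above their hunks.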
Index: sblim-sfcb-1.4.8/objectImpl.c
===================================================================
--- sblim-sfcb-1.4.8.orig/objectImpl.c
+++ sblim-sfcb-1.4.8/objectImpl.c
@@ -175,7 +175,7 @@ ensureClSpace(ClObjectHdr * hdr, ClSecti
   unsigned short  max = GetMax(sct->max);
 
   if (sct->sectionOffset == 0) {
-    p = setSectionPtr(sct, malloc((sct->max = iSize) * size));
+    p = setSectionPtr(sct, calloc(1, (sct->max = iSize) * size));
     hdr->flags |= HDR_Rebuild;
   } else if (sct->used >= max) {
     max *= 2;
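Review bot: `calloc(1, (sct->max = iSize) * size)` performs the count-by-size multiplication itself, which forfeits calloc's own overflow check on that product; `calloc(sct->max = iSize, size)` keeps it. The assignment to `sct->max` buried inside the argument list is also easy to miss, so `sct->max = iSize;` on its own line followed by `p = setSectionPtr(sct, calloc(sct->max, size));` reads better. The calloc result reaches setSectionPtr unchecked, as noted on the getProviderContext hunk; ensureClSpace continues past the end of this hunk.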
@@ -225,12 +225,12 @@ addClStringN(ClObjectHdr * hdr, const ch
     for (; nmax <= l; nmax *= 2);
     buf =
         setStrBufPtr(hdr,
-                     malloc(((nmax - 1) * sizeof(char)) +
+                     calloc(1, ((nmax - 1) * sizeof(char)) +
                             sizeof(ClStrBuf)));
     buf->bMax = nmax;
     buf->bUsed = buf->iUsed = 0;
     buf->iMax = 16;
-    setStrIndexPtr(buf, malloc(sizeof(*buf->indexPtr) * 16));
+    setStrIndexPtr(buf, calloc(1, sizeof(*buf->indexPtr) * 16));
     hdr->flags |= HDR_Rebuild;
   }
 
@@ -314,17 +314,20 @@ addClArray(ClObjectHdr * hdr, CMPIData d
   CMPIData        td,
                  *dp;
 
+  m = i = 0;
+  memset(&td, 0xff, sizeof(td));
+
   if (hdr->arrayBufOffset == 0) {
     nmax = 16;
     for (; nmax <= l; nmax *= 2);
     buf =
         setArrayBufPtr(hdr,
-                       malloc(((nmax - 1) * sizeof(CMPIData)) +
+                       calloc(1, ((nmax - 1) * sizeof(CMPIData)) +
                               sizeof(ClArrayBuf)));
     buf->bMax = nmax;
     buf->bUsed = buf->iUsed = 0;
     buf->iMax = 16;
-    setArrayIndexPtr(buf, malloc(sizeof(*buf->indexPtr) * 16));
+    setArrayIndexPtr(buf, calloc(1, sizeof(*buf->indexPtr) * 16));
     hdr->flags |= HDR_Rebuild;
   }
 
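Review bot: The added `memset(&td, 0xff, sizeof(td));` fills a CMPIData with all-ones bytes, unlike every other initialisation in this patch which zeroes, and nothing says why; a comment on that line is needed, e.g. `/* 0xff, not 0: presumably marks td as not-yet-assigned -- confirm which reader relies on this */` (I cannot tell from the hunk whether a consumer actually distinguishes an all-ones state, or whether td is later overwritten wholesale from `*dp`, in which case the memset is dead). `m = i = 0;` initialises variables whose declarations are above the hunk; initialising them at their declarations would be clearer. addClArray continues past the end of the hunk.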
Index: sblim-sfcb-1.4.8/args.c
===================================================================
--- sblim-sfcb-1.4.8.orig/args.c
+++ sblim-sfcb-1.4.8/args.c
@@ -207,6 +207,7 @@ __new_empty_args(int mm_add, CMPIStatus
                  *tArgs;
   int             state;
 
+  memset(&args, 0, sizeof(args));
   args.args = a;
   tArgs = memAddEncObj(mm_add, &args, sizeof(args), &state);
   tArgs->mem_state = state;
Index: sblim-sfcb-1.4.8/msgqueue.c
===================================================================
--- sblim-sfcb-1.4.8.orig/msgqueue.c
+++ sblim-sfcb-1.4.8/msgqueue.c
@@ -219,6 +219,8 @@ spGetMsg(int *s, int *from, void *data,
   _SFCB_ENTER(TRACE_MSGQUEUE, "spGetMsg");
   _SFCB_TRACE(1, ("--- Receiving from %d length %d", *s, length));
 
+  memset(ccmsg, 0, sizeof(ccmsg));
+
   msg.msg_name = 0;
   msg.msg_namelen = 0;
   msg.msg_iov = &iov;
@@ -440,8 +442,7 @@ spRecvCtlResult(int *s, int *from, void
 static int
 spSendMsg(int *to, int *from, int n, struct iovec *iov, int size)
 {
-  SpMessageHdr    spMsg = { 0, 0, abs(*from), size };
-  spMsg.type = MSG_DATA;
+  SpMessageHdr    spMsg; // = { 0, 0, abs(*from), size };
   static char    *em = "spSendMsg sending to";
   struct msghdr   msg;
   char            ccmsg[CMSG_SPACE(sizeof(*from))];
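Review bot: The replaced line `SpMessageHdr spMsg; // = { 0, 0, abs(*from), size };` keeps the old initializer as commented-out code; delete the comment rather than leaving dead code in a declaration. Worth recording instead is why the memset is needed at all: the original brace initializer already zero-initialised every named member (C zeroes members not listed), so the only thing `memset(&spMsg, 0, sizeof(spMsg))` adds is clearing padding bytes, which presumably is what valgrind flagged when the header is handed to the socket via the `struct msghdr` set up below. A comment such as `SpMessageHdr spMsg; /* memset below: also clears padding, which an initializer need not */` would say so. The same leftover comment and the same rationale apply to the spSendCtl hunk further down.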
@@ -451,7 +452,11 @@ spSendMsg(int *to, int *from, int n, str
   _SFCB_ENTER(TRACE_MSGQUEUE, "spSendMsg");
   _SFCB_TRACE(1, ("--- Sending %d bytes to %d", size, *to));
 
+  memset(ccmsg, 0, sizeof(ccmsg));
+  memset(&spMsg, 0, sizeof(spMsg));
+  spMsg.type = MSG_DATA;
   spMsg.returnS = abs(*from);
+  spMsg.totalSize = size;
 
   if (*from > 0) {
     msg.msg_control = ccmsg;
@@ -575,13 +583,17 @@ spRcvAck(int from)
 static int
 spSendCtl(int *to, int *from, short code, unsigned long count, void *data)
 {
-  SpMessageHdr    spMsg = { 0, 0, abs(*from), 0 };
+  SpMessageHdr    spMsg; // = { 0, 0, abs(*from), 0 };
   static char    *em = "spSendCtl sending to";
   struct msghdr   msg;
   struct iovec    iov[2];
   char            ccmsg[CMSG_SPACE(sizeof(*from))];
   struct cmsghdr *cmsg;
 
+  memset(ccmsg, 0, sizeof(ccmsg));
+  memset(&spMsg, 0, sizeof(spMsg));
+  spMsg.returnS = abs(*from);
+
   _SFCB_ENTER(TRACE_MSGQUEUE, "spSendCtl");
   _SFCB_TRACE(1,
               ("--- Sending %d bytes to %d", sizeof(SpMessageHdr), *to));
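Review bot: The new memset/field-assignment block is placed before `_SFCB_ENTER` here but after it in spSendMsg in the hunk above, where `memset(ccmsg, 0, sizeof(ccmsg));` follows the trace calls; the two functions are otherwise written in parallel, so pick one order for both. spSendCtl continues past the end of the hunk.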