Closed Bug 580472 Opened 15 years ago Closed 14 years ago

Uninitialized memory read in Posix SpyConnectionLoop impl

Categories

(Tamarin Graveyard :: Garbage Collection (mmGC), defect, P3)

x86_64
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
flash10.2.x-Spicy

People

(Reporter: edwsmith, Assigned: treilly)

References

Details

Attachments

(1 file)

    void* SpyConnectionLoop(void*)
    {
        struct sockaddr_un sockAddr;
        socklen_t len = sizeof(sockAddr.sun_family) + strlen(sockAddr.sun_path)+1;
                                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When the SpyConnectionLoop thread is spawned, the socket is not passed in and the loop is trying to access an uninitialized sockaddr_un instance.

    ==20849== Conditional jump or move depends on uninitialised value(s)
    ==20849==    at 0x3829FB: strlen (mc_replace_strmem.c:282)
    ==20849==    by 0x5A5A: SpyConnectionLoop(void*) (SpyUtilsPosix.cpp:68)
    ==20849==    by 0x48D81C: _pthread_start (in /usr/lib/libSystem.B.dylib)
    ==20849==    by 0x48D6A1: thread_start (in /usr/lib/libSystem.B.dylib)
    ==20849==  Uninitialised value was created by a stack allocation
    ==20849==    at 0x5A30: SpyConnectionLoop(void*) (SpyUtilsPosix.cpp:64)
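The defect above is that the length handed to accept() is derived from the contents of a struct the kernel has not filled yet. The following is an added example, not Tamarin's code or the attached patch: a hypothetical spy_accept() that sizes the in/out length argument from the struct itself and zeroes the address first, plus a self-contained round trip over a constructed AF_UNIX socket path to exercise it.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: the capacity passed to accept() comes from the
 * struct size, never from strlen() of its (still uninitialized) contents. */
socklen_t spy_addr_capacity(void) {
    return (socklen_t)sizeof(struct sockaddr_un);
}

/* Accept one peer on a listening AF_UNIX socket. The peer struct is zeroed
 * so that even a short address leaves sun_path NUL-terminated for any later
 * strlen(); 'len' is an in/out parameter: capacity in, bytes written out. */
int spy_accept(int listen_fd, struct sockaddr_un *peer) {
    memset(peer, 0, sizeof *peer);
    socklen_t len = spy_addr_capacity();
    return accept(listen_fd, (struct sockaddr *)peer, &len);
}

/* Round trip over a constructed socket path: bind, listen, connect a client,
 * accept it with spy_accept(). Returns 1 on success, 0 on any failure. */
int spy_accept_roundtrip(const char *path) {
    struct sockaddr_un addr, peer;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    int cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    int afd = -1, ok = 0;
    if (lfd < 0 || cfd < 0) goto out;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s", path);
    unlink(path);
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(lfd, 1) < 0) goto out;
    if (connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    afd = spy_accept(lfd, &peer);
    /* The kernel fills sun_family; the zeroed struct guarantees the rest. */
    ok = (afd >= 0 && peer.sun_family == AF_UNIX);
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    unlink(path);
    return ok;
}
```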
Whiteboard: valgrind
Blocks: 509020
Assignee: nobody → treilly
Status: NEW → ASSIGNED
Attached patch: Fix bad reads
Attachment #476002 - Flags: review?(lhansen)
Flags: flashplayer-qrb+
Priority: -- → P3
Target Milestone: --- → flash10.2.x-Spicy
Comment on attachment 476002 [details] [diff] [review] Fix bad reads

'len' is just used the once in the function and could actually be open-coded in the call to accept().
Attachment #476002 - Flags: review?(lhansen) → review+
Seemed weird to open-code an in/out parameter; left as is: http://hg.mozilla.org/tamarin-redux/rev/e21b84e1dea4
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED