This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/17542] conditional jump depends on uninitialised value in svc_getreq_common


https://sourceware.org/bugzilla/show_bug.cgi?id=17542

--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  ed6b0fe710b631b99ed9fc28cefedfe69a16dc55 (commit)
      from  f8aeae347377f3dfa8cbadde057adf1827fb1d44 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ed6b0fe710b631b99ed9fc28cefedfe69a16dc55

commit ed6b0fe710b631b99ed9fc28cefedfe69a16dc55
Author: Brad Hubbard <bhubbard@redhat.com>
Date:   Wed Mar 18 14:51:26 2015 +0530

    Use calloc to allocate xports (BZ #17542)

    If xports is NULL in xprt_register we malloc it but if sock >
    _rpc_dtablesize() that memory does not get initialised and may in theory
    contain any value. Later we make a conditional jump in svc_getreq_common
    based on the uninitialised memory and this caused a general protection
    fault in rpc.statd on an older version of glibc but this code has not
    changed since that version.

    Following is the valgrind warning.

    ==26802== Conditional jump or move depends on uninitialised value(s)
    ==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
    ==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
    ==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
    ==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
    ==26802==  Uninitialised value was created by a heap allocation
    ==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
    ==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
    ==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
    ==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
    ==26802==    by 0x10D13E: main (in /sbin/rpc.statd)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog    |    5 +++++
 NEWS         |   11 +++++------
 sunrpc/svc.c |    4 ++--
 3 files changed, 12 insertions(+), 8 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
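
The failure mode the commit message describes, as an added illustration that is not code from the glibc commit: a simplified model of a slot table that registration fills only for in-range sockets. `struct xprt`, `TABLE_SIZE`, and all function names here are hypothetical, and the 0xA5 fill stands in for stale heap contents so the result is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 8            /* assumption: stands in for _rpc_dtablesize() */
struct xprt { int sock; };      /* hypothetical, simplified transport handle */

/* Allocate the slot table. With use_calloc == 0 the slots stay as malloc left
 * them; the 0xA5 fill models stale heap bytes so the demo is deterministic. */
static struct xprt **table_alloc(int use_calloc)
{
    struct xprt **t;
    if (use_calloc)
        return calloc(TABLE_SIZE, sizeof *t);   /* every slot reads as NULL */
    t = malloc(TABLE_SIZE * sizeof *t);
    if (t != NULL)
        memset(t, 0xA5, TABLE_SIZE * sizeof *t);
    return t;
}

/* Registration writes one slot, and only when sock is inside the table. */
static void table_register(struct xprt **t, struct xprt *x)
{
    if (x->sock >= 0 && x->sock < TABLE_SIZE)
        t[x->sock] = x;
}

/* Dispatch-side view: count slots that look registered (non-NULL) but were
 * never written by table_register. Returns -1 on allocation failure. */
int bogus_slots(int use_calloc, int sock)
{
    struct xprt x = { sock };
    struct xprt **t = table_alloc(use_calloc);
    int i, bogus = 0;
    if (t == NULL)
        return -1;
    table_register(t, &x);
    for (i = 0; i < TABLE_SIZE; i++)
        if (t[i] != NULL && t[i] != &x)
            bogus++;
    free(t);
    return bogus;
}

int main(void)
{
    printf("bogus slots: malloc=%d calloc=%d\n", bogus_slots(0, 100), bogus_slots(1, 100));
    return 0;
}
```

With the zeroing allocator a NULL check on any slot is reliable whether or not registration ever wrote to the table; with the non-zeroing one, every unwritten slot passes the check.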

