
[ibsim,23/23] sim_mad.c: Fix accessing of uninitialised memory in send_trap

Message ID 20190102131318.5765-23-honli@redhat.com
State Not Applicable
Series [ibsim,01/23] move sim_cmd_file into ibsim/sim_cmd.c

Commit Message

Honggang LI Jan. 2, 2019, 1:13 p.m. UTC
==11780== 4 errors in context 1 of 1:
==11780== Syscall param write(buf) points to uninitialised byte(s)
==11780==    at 0x5349F34: write (in /usr/lib64/libc-2.27.so)
==11780==    by 0x40CA7E: send_trap (sim_mad.c:2014)
==11780==    by 0x407D57: do_portinfo (sim_mad.c:672)
==11780==    by 0x40C2CD: process_packet (sim_mad.c:1887)
==11780==    by 0x41254B: sim_read_pkt (ibsim.c:484)
==11780==    by 0x412D49: sim_run (ibsim.c:601)
==11780==    by 0x4135B3: main (ibsim.c:783)
==11780==  Address 0x1ffeffed44 is on thread 1's stack
==11780==  in frame #1, created by send_trap (sim_mad.c:1971)
==11780==  Uninitialised value was created by a stack allocation
==11780==    at 0x40C832: send_trap (sim_mad.c:1971)
Signed-off-by: Honggang Li <honli@redhat.com>
---
 ibsim/sim_mad.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Hal Rosenstock Jan. 4, 2019, 7:25 p.m. UTC | #1
On 1/2/2019 8:13 AM, Honggang Li wrote:
> ==11780== 4 errors in context 1 of 1:
> ==11780== Syscall param write(buf) points to uninitialised byte(s)
> ==11780==    at 0x5349F34: write (in /usr/lib64/libc-2.27.so)
> ==11780==    by 0x40CA7E: send_trap (sim_mad.c:2014)
> ==11780==    by 0x407D57: do_portinfo (sim_mad.c:672)
> ==11780==    by 0x40C2CD: process_packet (sim_mad.c:1887)
> ==11780==    by 0x41254B: sim_read_pkt (ibsim.c:484)
> ==11780==    by 0x412D49: sim_run (ibsim.c:601)
> ==11780==    by 0x4135B3: main (ibsim.c:783)
> ==11780==  Address 0x1ffeffed44 is on thread 1's stack
> ==11780==  in frame #1, created by send_trap (sim_mad.c:1971)
> ==11780==  Uninitialised value was created by a stack allocation
> ==11780==    at 0x40C832: send_trap (sim_mad.c:1971)
> Signed-off-by: Honggang Li <honli@redhat.com>
> ---
>  ibsim/sim_mad.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ibsim/sim_mad.c b/ibsim/sim_mad.c
> index 5ef1d0a6dbeb..dfd1a31e178e 100644
> --- a/ibsim/sim_mad.c
> +++ b/ibsim/sim_mad.c
> @@ -1982,7 +1982,7 @@ int send_trap(Port * port, unsigned trapnum)
>  	}
>  
>  	encode_trapfn = encodetrap[trapnum];
> -	memset(req.mad, 0, sizeof(req.mad));
> +	memset(&req, 0, sizeof(req));

With this, the following 3 lines can be eliminated:
-       req.sqp = 0;
-       req.dqp = 0;
-       req.status = 0;

>  	encode_trap_header(req.mad);
>  	if (encode_trapfn(port, data) < 0)
>  		return -1;
> 
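Review bot: once `memset(&req, 0, sizeof(req));` runs before `encode_trap_header(req.mad);`, the three explicit assignments listed in the reply (`req.sqp = 0;`, `req.dqp = 0;`, `req.status = 0;`) become dead stores, so dropping them should go into the same patch rather than a follow-up; otherwise two places in send_trap must agree on the initial state of req. Nothing else in the hunk changes: the `if (encode_trapfn(port, data) < 0) return -1;` error path is untouched, so the only behavioural difference is that every byte of req, not just req.mad, is defined before use.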

Thanks. Applied (with additional change noted above).

-- Hal

Patch

diff --git a/ibsim/sim_mad.c b/ibsim/sim_mad.c
index 5ef1d0a6dbeb..dfd1a31e178e 100644
--- a/ibsim/sim_mad.c
+++ b/ibsim/sim_mad.c
@@ -1982,7 +1982,7 @@  int send_trap(Port * port, unsigned trapnum)
 	}
 
 	encode_trapfn = encodetrap[trapnum];
-	memset(req.mad, 0, sizeof(req.mad));
+	memset(&req, 0, sizeof(req));
 	encode_trap_header(req.mad);
 	if (encode_trapfn(port, data) < 0)
 		return -1;
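Review bot: the valgrind report in the commit message flags the write() at sim_mad.c:2014 reading uninitialised bytes from send_trap's own stack frame (created at sim_mad.c:1971), and the old `memset(req.mad, 0, sizeof(req.mad));` cleared only the mad member, so any field of req outside mad, and any padding between fields, went out through write() with whatever the stack held before. Zeroing the whole object with `memset(&req, 0, sizeof(req));` is the right fix for a buffer that leaves the process, because memset is the one initialisation that also clears padding bytes; a `= {0}` initialiser would define the named fields but not the padding. A one-line comment above the memset noting that req is written out in full, so every byte must be defined, would keep a later edit from narrowing the memset back to a single member.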