[pulseaudio-discuss] [PATCH 2/2] pstream: Fix use of uninitialized value: ancillary fd cleanup flag
Ahmed S. Darwish
darwish.07 at gmail.com
Fri Jun 17 19:56:41 UTC 2016
As reported by valrgrind
==30002== Conditional jump or move depends on uninitialised value(s)
==30002== at 0x5CB883C: pa_cmsg_ancil_data_close_fds (pstream.c:193)
==30002== by 0x5CBB161: do_write (pstream.c:759)
==30002== by 0x5CB8B51: do_pstream_read_write (pstream.c:233)
==30002== by 0x5CB8EE8: io_callback (pstream.c:279)
...
The pa_cmsg_ancil_data structure has two main guards:
'creds_valid', which implies that it holds credentials
information, and 'nfd', which implies it holds file descriptors.
When code paths create a credentials ancillary data structure,
they just set the 'nfd' guard to zero. Typically, the rest of
pa_cmsg_ancil_data fields related to fds are _all_ left
_uninitialized_.
pa_cmsg_ancil_data_close_flds() has broken the above contract:
it accesses the new 'close_fds_on_cleanup' flag, which is related
to file descriptors, without checking the 'nfd == 0' guard first.
Fix this inconsistency.
Reported-by: Alexander E. Patrakov <patrakov at gmail.com>
Signed-off-by: Ahmed S. Darwish <darwish.07 at gmail.com>
---
src/pulsecore/pstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pulsecore/pstream.c b/src/pulsecore/pstream.c
index 1ea3c5b..bbff2f6 100644
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@@ -190,7 +190,7 @@ struct pa_pstream {
* it guarantees necessary cleanups after fds close.. This method is
* also multiple-invocations safe. */
void pa_cmsg_ancil_data_close_fds(struct pa_cmsg_ancil_data *ancil) {
- if (ancil && ancil->close_fds_on_cleanup) {
+ if (ancil && ancil->nfd > 0 && ancil->close_fds_on_cleanup) {
int i;
pa_assert(ancil->nfd <= MAX_ANCIL_DATA_FDS);
--
2.8.3
More information about the pulseaudio-discuss
mailing list