[spice-server v3 1/3] reds-stream: Don't use sendmsg with uninitialized memory

On my 64 bit Fedora 25, CMSG_SPACE() adds 4 bytes of padding after the
file descriptor in the control data. This causes warnings when run under
valgrind as we set msg_controllen to CMSG_SPACE().

This commit fills the control data to 0 to avoid these warnings.

==30301== Syscall param sendmsg(msg.msg_control) points to uninitialised byte(s)
==30301==    at 0x8127367: sendmsg (sendmsg.c:28)
==30301==    by 0x41880B: reds_stream_send_msgfd (reds-stream.c:295)
==30301==    by 0x40953F: main (test-stream.c:121)
==30301==  Address 0xffefff1b4 is on thread 1's stack
==30301==  in frame #1, created by reds_stream_send_msgfd (reds-stream.c:263)

Acked-by: Pavel Grunt <pgrunt@xxxxxxxxxx>
---
 server/reds-stream.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/reds-stream.c b/server/reds-stream.c
index a813a8b..8ac296d 100644
--- a/server/reds-stream.c
+++ b/server/reds-stream.c
@@ -283,6 +283,10 @@ int reds_stream_send_msgfd(RedsStream *stream, int fd)
     if (fd != -1) {
         msgh.msg_control = control.data;
         msgh.msg_controllen = sizeof(control.data);
+        /* CMSG_SPACE() might be larger than CMSG_LEN() as it can include some
+         * padding. We set the whole control data to 0 to avoid valgrind warnings
+         */
+        memset(control.data, 0, sizeof(control.data));
 
         cmsg = CMSG_FIRSTHDR(&msgh);
         cmsg->cmsg_len = CMSG_LEN(fd_size);
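Review bot: the memset of `control.data` is placed after `msgh.msg_control` and `msgh.msg_controllen` have already been pointed at the buffer; that is harmless here, since nothing dereferences the buffer before CMSG_FIRSTHDR(), but zeroing `control` where it is declared (`= { 0 }` or a memset directly below the declaration, before the `if (fd != -1)` block) would keep the initialisation next to the object and avoid the question of ordering in later edits. Two smaller points: the commit message says msg_controllen is set to CMSG_SPACE(), while the hunk sets it to `sizeof(control.data)`, so the comment in the hunk should say that `control.data` is sized with CMSG_SPACE() (the declaration is outside the hunk and cannot be checked from the diff); and reds-stream.c must already include <string.h> for memset(), which the diff does not show.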
-- 
2.9.3
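The padding the patch zeroes is the gap between CMSG_LEN(sizeof(int)), the bytes sendmsg() actually needs for one SCM_RIGHTS descriptor, and CMSG_SPACE(sizeof(int)), the aligned size of the buffer passed as msg_controllen. The following is an added stand-alone example, not code from spice-server or from the patch author, showing the same pattern end to end: a union buffer sized with CMSG_SPACE(), fully zeroed before use, a descriptor sent over a socketpair with SCM_RIGHTS, and the receiving side validating the control message before trusting it. The names `fd_control`, `send_fd`, `recv_fd`, `fd_cmsg_padding` and `fd_roundtrip_ok` are this example's own; the reds-stream.c function in the patch is not reproduced.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Control buffer for exactly one SCM_RIGHTS descriptor (example code, not
 * spice-server's). The struct cmsghdr member gives CMSG_FIRSTHDR() the
 * alignment it needs; sizeof(data) == CMSG_SPACE(sizeof(int)). */
union fd_control {
    struct cmsghdr align;
    char data[CMSG_SPACE(sizeof(int))];
};

/* Bytes after the fd payload that sendmsg() reads but the cmsg never writes:
 * the uninitialised region valgrind complained about. */
size_t fd_cmsg_padding(void)
{
    return CMSG_SPACE(sizeof(int)) - CMSG_LEN(sizeof(int));
}

/* Send one payload byte plus fd over a UNIX socket. 0 on success, -1 on error. */
int send_fd(int sock, int fd)
{
    union fd_control control;
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msgh;
    struct cmsghdr *cmsg;

    memset(&msgh, 0, sizeof(msgh));
    memset(&control, 0, sizeof(control));   /* zero payload AND padding */
    msgh.msg_iov = &iov;
    msgh.msg_iovlen = 1;
    msgh.msg_control = control.data;
    msgh.msg_controllen = sizeof(control.data);

    cmsg = CMSG_FIRSTHDR(&msgh);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));

    do {
        if (sendmsg(sock, &msgh, 0) == 1)
            return 0;
    } while (errno == EINTR);
    return -1;
}

/* Receive one fd. Returns the new descriptor, or -1 if no valid one arrived. */
int recv_fd(int sock)
{
    union fd_control control;
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msgh;
    struct cmsghdr *cmsg;
    int fd = -1;
    ssize_t n;

    memset(&msgh, 0, sizeof(msgh));
    memset(&control, 0, sizeof(control));
    msgh.msg_iov = &iov;
    msgh.msg_iovlen = 1;
    msgh.msg_control = control.data;
    msgh.msg_controllen = sizeof(control.data);

    do {
        n = recvmsg(sock, &msgh, MSG_CMSG_CLOEXEC);
    } while (n < 0 && errno == EINTR);
    if (n != 1 || (msgh.msg_flags & MSG_CTRUNC))
        return -1;                           /* truncated control data: reject */

    /* Only accept a single, exactly sized SCM_RIGHTS message. */
    for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg; cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
        if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS &&
            cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
            memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
            break;
        }
    }
    return fd;
}

/* Round trip: pass a pipe's write end across a socketpair, write through the
 * received descriptor, read it back from the original read end. 1 on success. */
int fd_roundtrip_ok(void)
{
    int sv[2], pipefd[2], received, ok = 0;
    char buf[5] = { 0 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 0;
    if (pipe(pipefd) < 0) {
        close(sv[0]); close(sv[1]);
        return 0;
    }
    if (send_fd(sv[0], pipefd[1]) == 0 && (received = recv_fd(sv[1])) >= 0) {
        if (write(received, "ping", 4) == 4 && read(pipefd[0], buf, 4) == 4)
            ok = memcmp(buf, "ping", 4) == 0;
        close(received);
    }
    close(sv[0]); close(sv[1]); close(pipefd[0]); close(pipefd[1]);
    return ok;
}

int main(void)
{
    printf("CMSG_LEN=%zu CMSG_SPACE=%zu padding=%zu\n",
           (size_t)CMSG_LEN(sizeof(int)), (size_t)CMSG_SPACE(sizeof(int)),
           fd_cmsg_padding());
    printf("fd round trip: %s\n", fd_roundtrip_ok() ? "ok" : "failed");
    return 0;
}
```

Running this under valgrind shows no "points to uninitialised byte(s)" report for sendmsg(), because both memset() calls cover the whole CMSG_SPACE() region; dropping the memset of `control` reproduces the warning quoted in the commit message on platforms where the padding is non-zero. The receiver checks MSG_CTRUNC and the exact cmsg_len so that an unexpected number of descriptors is rejected rather than leaked.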

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
