Message-ID: <4B0E6189.6050708@gmail.com>
Date:	Thu, 26 Nov 2009 13:07:53 +0200
From:	Török Edwin <edwintorok@...il.com>
To:	Dave Jones <davej@...hat.com>,
	Mauro Carvalho Chehab <mchehab@...hat.com>,
	Artem Bityutskiy <Artem.Bityutskiy@...ia.com>
CC:	Greg Kroah-Hartman <gregkh@...e.de>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	David Woodhouse <dwmw2@...radead.org>
Subject: Memset of length zero bugs

On 2009-11-11 23:57, Dave Jones wrote:
> Nearly every invocation of memset in drivers/staging/hv/StorVsc.c
> has its arguments the wrong way around.
Hi,

I found 2 more bugs like this in v2.6.32-rc8-11-ga8a8a66 by letting gcc
warn in such cases on an allyesconfig build.
I used the attached patch (meant to be used only to find bugs, linking
fails).

Here are the warnings:
1. Wrong parameter order
In function ‘memset’,
inlined from ‘ir_input_init’ at drivers/media/common/ir-functions.c:67:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
memset(ir->ir_codes, sizeof(ir->ir_codes), 0);

2. pgsize variable (and hence length argument) is always zero.

In function ‘memset’,
inlined from ‘erasecrosstest’ at drivers/mtd/tests/mtd_pagetest.c:345:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
memset(readbuf, 0, pgsize);
In function ‘memset’,
inlined from ‘erasecrosstest’ at drivers/mtd/tests/mtd_pagetest.c:384:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
In function ‘memset’,
inlined from ‘crosstest’ at drivers/mtd/tests/mtd_pagetest.c:219:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters

Now this one is interesting: the memsets are fine; however, pgsize is
always zero. It is declared as 'static int pgsize' and never assigned a
value (hence it is always zero).
I didn't look at what mtd_pagetest wants to test, but the name suggests
that a pagesize of zero isn't a very useful test.

Best regards,
--Edwin

View attachment "patch" of type "text/plain" (998 bytes)
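
The detection trick described in the message, as an added example (not the attached patch and not kernel code): a memset wrapper whose constant-zero-length branch calls a function carrying GCC's `warning` attribute. The names `warn_memset_zero_len`, `checked_memset` and the `clear_*` functions are hypothetical, the call sites are constructed stand-ins, and a macro is used instead of an inline memset so the literal-zero case is reported even without optimization.

```c
#include <string.h>

/* Hypothetical marker: GCC prints this text for each call that is kept. */
void warn_memset_zero_len(void) __attribute__((noinline, warning(
    "memset used with constant zero length parameter; "
    "this could be due to transposed parameters")));

/* Defined with a side effect so this demo links and the call is kept. */
static volatile int zero_len_hits;
void warn_memset_zero_len(void) { zero_len_hits++; }

/* Reach the marker only when the length is a compile-time constant zero. */
#define checked_memset(dst, c, n)                          \
    ((__builtin_constant_p(n) && (n) == 0)                 \
         ? warn_memset_zero_len() : (void)0,               \
     memset((dst), (c), (n)))

/* Constructed stand-in for the transposed call quoted in the message. */
int clear_transposed(void)
{
    unsigned char ir_codes[16];
    memset(ir_codes, 0xff, sizeof(ir_codes));       /* stale contents */
    checked_memset(ir_codes, sizeof(ir_codes), 0);  /* flagged at compile time */
    return ir_codes[0];                             /* still 0xff */
}

/* The same call with fill value and length in the intended order. */
int clear_fixed(void)
{
    unsigned char ir_codes[16];
    memset(ir_codes, 0xff, sizeof(ir_codes));
    checked_memset(ir_codes, 0, sizeof(ir_codes));  /* not flagged */
    return ir_codes[0];                             /* 0 */
}

/* Constructed stand-in for the second report: pgsize is never assigned. */
static int pgsize;
int clear_pagetest(void)
{
    unsigned char readbuf[16];
    memset(readbuf, 0xff, sizeof(readbuf));
    checked_memset(readbuf, 0, pgsize);  /* flagged only if pgsize is folded to 0 */
    return readbuf[0];                   /* 0xff: nothing was cleared */
}

int main(void)
{
    return !(clear_transposed() == 0xff && clear_fixed() == 0 && clear_pagetest() == 0xff);
}
```

The pgsize call can only be reported in an optimized build, where the compiler may prove that the never-assigned static is always zero; in both flagged cases the buffer keeps its stale contents at run time.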
