| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190726191928.GF20482@kernel.org>
Date: Fri, 26 Jul 2019 16:19:28 -0300
From: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To: Numfor Mbiziwo-Tiapo <nums@...gle.com>
Cc: peterz@...radead.org, mingo@...hat.com,
alexander.shishkin@...ux.intel.com, jolsa@...hat.com,
namhyung@...nel.org, songliubraving@...com, mbd@...com,
linux-kernel@...r.kernel.org, irogers@...gle.com,
eranian@...gle.com
Subject: Re: [PATCH 1/3] Fix util.c use of unitialized value warning
Em Wed, Jul 24, 2019 at 04:44:58PM -0700, Numfor Mbiziwo-Tiapo escreveu:
> When building our local version of perf with MSAN (Memory Sanitizer)
> and running the perf record command, MSAN throws a use of uninitialized
> value warning in "tools/perf/util/util.c:333:6".
>
> This warning stems from the "buf" variable being passed into "write".
> It originated as the variable "ev" with the type union perf_event*
> defined in the "perf_event__synthesize_attr" function in
> "tools/perf/util/header.c".
>
> In the "perf_event__synthesize_attr" function they allocate space with
> a malloc call using ev, then go on to only assign some of the member
> variables before passing "ev" on as a parameter to the "process" function
> therefore "ev" contains uninitialized memory. Changing the malloc call
> to calloc initializes all the members of "ev" which gets rid of the
> warning.
I'm applying, but changing the calloc call to zalloc() that is just a
shorter wrapper to calloc(1, size).
Thanks,
- Arnaldo
> To reproduce this warning, build perf by running:
> make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-fsanitize=memory\
> -fsanitize-memory-track-origins"
>
> (Additionally, llvm might have to be installed and clang might have to
> be specified as the compiler - export CC=/usr/bin/clang)
>
> then running:
> tools/perf/perf record -o - ls / | tools/perf/perf --no-pager annotate\
> -i - --stdio
>
> Please see the cover letter for why false positive warnings may be
> generated.
>
> Signed-off-by: Numfor Mbiziwo-Tiapo <nums@...gle.com>
> ---
> tools/perf/util/header.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
> index dec6d218c31c..b9c71fc45ac1 100644
> --- a/tools/perf/util/header.c
> +++ b/tools/perf/util/header.c
> @@ -3427,7 +3427,7 @@ int perf_event__synthesize_attr(struct perf_tool *tool,
> size += sizeof(struct perf_event_header);
> size += ids * sizeof(u64);
>
> - ev = malloc(size);
> + ev = calloc(1, size);
>
> if (ev == NULL)
> return -ENOMEM;
> --
> 2.22.0.657.g960e92d24f-goog
--
- Arnaldo
Powered by blists - more mailing lists