lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a74ec917c2e3bf4d756a5ce2745f0f0a2970805a.camel@gmail.com>
Date: Wed, 30 Jul 2025 09:13:32 -0700
From: Eduard Zingerman <eddyz87@...il.com>
To: Yonghong Song <yonghong.song@...ux.dev>, Achill Gilgenast
	 <fossdd@...ed.life>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann
	 <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Viktor Malik
	 <vmalik@...hat.com>, bpf@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Martin KaFai Lau <martin.lau@...ux.dev>, 
 Song Liu <song@...nel.org>, John Fastabend <john.fastabend@...il.com>, KP
 Singh <kpsingh@...nel.org>,  Stanislav Fomichev	 <sdf@...ichev.me>, Hao Luo
 <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>
Subject: Re: [PATCH] libbpf: avoid possible use of uninitialized mod_len

On Tue, 2025-07-29 at 09:17 -0700, Yonghong Song wrote:
> 
> On 7/29/25 2:45 AM, Achill Gilgenast wrote:
> > If not fn_name, mod_len does never get initialized which fails now with
> > gcc15 on Alpine Linux edge:
> > 
> > 	libbpf.c: In function 'find_kernel_btf_id.constprop':
> > 	libbpf.c:10100:33: error: 'mod_len' may be used uninitialized [-Werror=maybe-uninitialized]
> > 	10100 |                 if (mod_name && strncmp(mod->name, mod_name, mod_len) != 0)
> > 	      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 	libbpf.c:10070:21: note: 'mod_len' was declared here
> > 	10070 |         int ret, i, mod_len;
> > 	      |                     ^~~~~~~
> > 
> > Fixes: 8f8a024272f3 ("libbpf: support "module: Function" syntax for tracing programs")
> > Signed-off-by: Achill Gilgenast <fossdd@...ed.life>
> 
> The code itself is actually okay. The error is triggered due to'maybe-uninitialized'.
> To silence the compilation error, I think this change is okay.
> 
> Acked-by: Yonghong Song <yonghong.song@...ux.dev>

I agree with Yonghong, `mod_len` is only read if mod_name != NULL,
meaning that "if (fn_name) { ... mod_name = ...; mod_len = ... }"
block was executed.

Please drop the "Fixes" tag.

Acked-by: Eduard Zingerman <eddyz87@...il.com>

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ