lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <801f283e-293b-251d-1e81-3c08094e1d94@iogearbox.net>
Date:   Mon, 18 Dec 2017 19:19:57 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Alexei Starovoitov <ast@...nel.org>,
        "David S . Miller" <davem@...emloft.net>
Cc:     Arnd Bergmann <arnd@...db.de>, netdev@...r.kernel.org,
        kernel-team@...com
Subject: Re: [PATCH bpf-next] bpf: arm64: fix uninitialized variable

On 12/18/2017 07:09 PM, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@...com>
> 
> fix the following issue:
> arch/arm64/net/bpf_jit_comp.c: In function 'bpf_int_jit_compile':
> arch/arm64/net/bpf_jit_comp.c:982:18: error: 'image_size' may be used
> uninitialized in this function [-Werror=maybe-uninitialized]
> 
> Fixes: db496944fdaa ("bpf: arm64: add JIT support for multi-function programs")
> Reported-by: Arnd Bergmann <arnd@...db.de>
> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
> ---
>  arch/arm64/net/bpf_jit_comp.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
> index 396490cf7316..acaa935ed977 100644
> --- a/arch/arm64/net/bpf_jit_comp.c
> +++ b/arch/arm64/net/bpf_jit_comp.c
> @@ -897,6 +897,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>  		image_ptr = jit_data->image;
>  		header = jit_data->header;
>  		extra_pass = true;
> +		image_size = sizeof(u32) * ctx.idx;
>  		goto skip_init_ctx;
>  	}
>  	memset(&ctx, 0, sizeof(ctx));
> 

I don't really mind, but it feels more complex than it needs to be
imho, since in the initial pass you fetch 'image_size' in fake pass
from ctx.idx, then we set ctx.idx to 0 again, do another pass and
use the cached ctx.idx from that second pass instead of the first
one where we set 'image_size' originally, so we definitely need to
take that into consideration in future reviews at least.

Thanks,
Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ