https://bugs.winehq.org/show_bug.cgi?id=38671
Bug ID: 38671
Summary: valgrind shows an uninitialized write in dlls/advapi32/tests/security.c
Product: Wine
Version: 1.7.44
Hardware: x86
OS: Linux
Status: NEW
Keywords: download, source, testcase, valgrind
Severity: minor
Priority: P2
Component: advapi32
Assignee: wine-bugs@winehq.org
Reporter: austinenglish@gmail.com
Distribution: ---

==11415== Syscall param writev(vector[...]) points to uninitialised byte(s)
==11415==    at 0x4F7A0F4B: ??? (in /usr/lib/libc-2.21.so)
==11415==    by 0x7BC7A9C5: send_request (server.c:228)
==11415==    by 0x7BC7AB52: wine_server_call (server.c:309)
==11415==    by 0x7BC43375: FILE_CreateFile (file.c:229)
==11415==    by 0x7BC4357B: NtCreateFile (file.c:323)
==11415==    by 0x7B85C7A1: CreateDirectoryW (path.c:1565)
==11415==    by 0x7B85C84D: CreateDirectoryA (path.c:1589)
==11415==    by 0x47D0DB7: test_CreateDirectoryA (security.c:3252)
==11415==    by 0x47DE307: func_security (security.c:5863)
==11415==    by 0x47EC923: run_test (test.h:584)
==11415==    by 0x47ECD6B: main (test.h:666)
==11415==  Address 0x46a18e0 is 88 bytes inside a block of size 120 alloc'd
==11415==    at 0x7BC4A9F1: notify_alloc (heap.c:254)
==11415==    by 0x7BC4EC94: RtlAllocateHeap (heap.c:1715)
==11415==    by 0x7BC83236: NTDLL_create_struct_sd (sync.c:116)
==11415==    by 0x7BC4327E: FILE_CreateFile (file.c:211)
==11415==    by 0x7BC4357B: NtCreateFile (file.c:323)
==11415==    by 0x7B85C7A1: CreateDirectoryW (path.c:1565)
==11415==    by 0x7B85C84D: CreateDirectoryA (path.c:1589)
==11415==    by 0x47D0DB7: test_CreateDirectoryA (security.c:3252)
==11415==    by 0x47DE307: func_security (security.c:5863)
==11415==    by 0x47EC923: run_test (test.h:584)
==11415==    by 0x47ECD6B: main (test.h:666)
==11415==  Uninitialised value was created by a client request
==11415==    at 0x7BC4A7FD: mark_block_uninitialized (heap.c:208)
==11415==    by 0x7BC4A952: initialize_block (heap.c:239)
==11415==    by 0x7BC4ECB4: RtlAllocateHeap (heap.c:1716)
==11415==    by 0x47D0C3D: test_CreateDirectoryA (security.c:3238)
==11415==    by 0x47DE307: func_security (security.c:5863)
==11415==    by 0x47EC923: run_test (test.h:584)
==11415==    by 0x47ECD6B: main (test.h:666)
==11415==
Sebastian Lackner sebastian@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de
--- Comment #1 from Sebastian Lackner sebastian@fds-team.de --- Looks harmless to me. To avoid ugly size calculations dlls/advapi32/tests/security.c uses a fixed size buffer for the DACL (line 3238):
--- snip ---
pDacl = HeapAlloc(GetProcessHeap(), 0, 100);
bret = InitializeAcl(pDacl, 100, ACL_REVISION);
--- snip ---
In dlls/ntdll/sync.c the full buffer is copied and later transferred to the wineserver, although some parts of it are unused. AclCount is set to the proper number of elements, so this is harmless.
The easiest way to fix this issue would be to just initialize the memory with zeros (pass HEAP_ZERO_MEMORY as the second arg of HeapAlloc), but unfortunately we would have to do that in multiple places. Does anyone else have a better idea?
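The pattern Sebastian describes, as an added example that is not Wine's code: a fixed 100-byte buffer whose 8-byte header is written by the InitializeAcl equivalent, whose tail past the last ACE is never written, and which is then copied whole. The ACL and ACE_HEADER structs below are local definitions that mirror the Windows layout so the file builds with any C compiler; the helper names (init_acl, add_ace, acl_used_size, stale_bytes, make_dacl), the 0xAA fill standing in for uninitialised heap, and the ACE body bytes are assumptions of this example.

```c
/* Added example, not Wine's code: models "InitializeAcl into a fixed 100-byte
 * HeapAlloc buffer" and shows why copying AclSize bytes carries the never-written
 * tail along. Struct layouts mirror Windows ACL (8 bytes) and ACE_HEADER (4 bytes);
 * everything else is local to the example. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ACL_REVISION            2
#define ACCESS_ALLOWED_ACE_TYPE 0
#define DACL_BUFFER_SIZE        100   /* same fixed size the test uses */

typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } ACL;
typedef struct { uint8_t AceType, AceFlags; uint16_t AceSize; } ACE_HEADER;

/* Walk the AceCount ACEs and return how many bytes of the buffer are in use. */
static size_t acl_used_size(const ACL *acl)
{
    size_t off = sizeof(ACL);
    for (uint16_t i = 0; i < acl->AceCount; i++) {
        const ACE_HEADER *h = (const ACE_HEADER *)((const uint8_t *)acl + off);
        off += h->AceSize;
    }
    return off;
}

/* Like InitializeAcl: writes only the header; bytes 8..size-1 are left untouched. */
static int init_acl(ACL *acl, uint16_t size)
{
    if (size < sizeof(ACL)) return 0;
    acl->AclRevision = ACL_REVISION;
    acl->Sbz1 = 0;
    acl->AclSize = size;
    acl->AceCount = 0;
    acl->Sbz2 = 0;
    return 1;
}

/* Append one ACE (header + body); ACE sizes stay DWORD-aligned as on Windows. */
static int add_ace(ACL *acl, uint8_t type, const void *body, uint16_t body_len)
{
    size_t used = acl_used_size(acl);
    uint16_t ace_size = (uint16_t)((sizeof(ACE_HEADER) + body_len + 3) & ~3u);
    if (used + ace_size > acl->AclSize) return 0;
    ACE_HEADER *h = (ACE_HEADER *)((uint8_t *)acl + used);
    h->AceType = type;
    h->AceFlags = 0;
    h->AceSize = ace_size;
    memcpy(h + 1, body, body_len);
    acl->AceCount++;
    return 1;
}

/* Count non-zero bytes between the used prefix and AclSize: with a plain
 * allocation these are the bytes that reach writev() uninitialised. */
static size_t stale_bytes(const ACL *acl)
{
    const uint8_t *p = (const uint8_t *)acl;
    size_t n = 0;
    for (size_t i = acl_used_size(acl); i < acl->AclSize; i++)
        if (p[i] != 0) n++;
    return n;
}

/* Build the 100-byte DACL with one access-allowed ACE. zeroed=0 mimics plain
 * HeapAlloc (tail simulated as garbage with 0xAA); zeroed=1 mimics the
 * HEAP_ZERO_MEMORY fix. Caller frees the result. */
static ACL *make_dacl(int zeroed)
{
    ACL *acl = zeroed ? calloc(1, DACL_BUFFER_SIZE) : malloc(DACL_BUFFER_SIZE);
    if (!acl) return NULL;
    if (!zeroed) memset(acl, 0xAA, DACL_BUFFER_SIZE);   /* stand-in for uninitialised heap */
    /* Constructed ACE body: 4-byte access mask followed by a 4-byte SID stub. */
    static const uint8_t body[8] = { 0xFF, 0x01, 0x1F, 0x00, 0x01, 0x01, 0x00, 0x00 };
    if (!init_acl(acl, DACL_BUFFER_SIZE) ||
        !add_ace(acl, ACCESS_ALLOWED_ACE_TYPE, body, sizeof(body))) {
        free(acl);
        return NULL;
    }
    return acl;
}

int main(void)
{
    ACL *garbage = make_dacl(0), *zeroed = make_dacl(1);
    if (!garbage || !zeroed) return 1;
    printf("used %zu of %d bytes; stale bytes: HeapAlloc=%zu, HEAP_ZERO_MEMORY=%zu\n",
           acl_used_size(garbage), DACL_BUFFER_SIZE, stale_bytes(garbage), stale_bytes(zeroed));
    /* The other fix, without zeroing: copy only acl_used_size() bytes, not AclSize. */
    free(garbage);
    free(zeroed);
    return 0;
}
```

The two fixes the comment weighs map onto the two functions: zeroing the allocation makes stale_bytes() return 0 without touching the copy, while copying only acl_used_size() bytes fixes the sender and leaves every caller's allocation alone; the second avoids the "multiple places" problem but needs the size walk at each copy site.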
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|valgrind shows an           |valgrind shows an
                   |uninitialized write in      |uninitialized write in
                   |dlls/advapi32/tests/securit |dlls/advapi32/tests/securit
                   |y.c                         |y.c (test_CreateDirectoryA)
Matteo Bruni matteo.mystral@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
      Fixed by SHA1|                            |f6f5c96677be7dfd7fc62b80fb822fdfa7b1c4fd
         Resolution|---                         |FIXED
--- Comment #2 from Matteo Bruni matteo.mystral@gmail.com --- Fixed by f6f5c96677be7dfd7fc62b80fb822fdfa7b1c4fd, pretty much as Sebastian suggested in comment 1.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 3.0-rc6.