Jefferson Carpenter jeffersoncarpenter2@gmail.com writes:

> From 12fe924328dd2317741db9db28cb9a2ad03a8692 Mon Sep 17 00:00:00 2001
> From: Jefferson Carpenter jeffersoncarpenter2@gmail.com
> Date: Sat, 27 Apr 2019 07:33:59 +0000
> Subject: [PATCH] server: zero allocated memory after allocating mappings
>
> An uninitialized read occurs in the send_reply function, after get_mapping_info calls set_reply_data( &mapping->image, &c..

Please try to figure out which field is not initialized and set it to a correct value, instead of hiding the problem by zeroing everything.

Turns out it's because pe_image_info_t is 88 bytes in size but only 84 are used for data members, the last 4 bytes unused.

This is a hard problem in general, since padding bytes can occur between data members as well as at the end of the struct.

Probably the cleanest way to fix the valgrind warning is to alter get_mapping_info so that it sets the reply data memberwise, rather than as a binary blob.

On Sun, Apr 28, 2019 at 7:44 PM Alexandre Julliard julliard@winehq.org wrote:

> Jefferson Carpenter jeffersoncarpenter2@gmail.com writes:
>
>> From 12fe924328dd2317741db9db28cb9a2ad03a8692 Mon Sep 17 00:00:00 2001
>> From: Jefferson Carpenter jeffersoncarpenter2@gmail.com
>> Date: Sat, 27 Apr 2019 07:33:59 +0000
>> Subject: [PATCH] server: zero allocated memory after allocating mappings
>>
>> An uninitialized read occurs in the send_reply function, after get_mapping_info calls set_reply_data( &mapping->image, &c..
>
> Please try to figure out which field is not initialized and set it to a correct value, instead of hiding the problem by zeroing everything.
>
> -- Alexandre Julliard julliard@winehq.org

Jefferson Carpenter jeffersoncarpenter2@gmail.com writes:

> Turns out it's because pe_image_info_t is 88 bytes in size but only 84 are used for data members, the last 4 bytes unused.
>
> This is a hard problem in general, since padding bytes can occur between data members as well as at the end of the struct.
>
> Probably the cleanest way to fix the valgrind warning is to alter get_mapping_info so that it sets the reply data memberwise, rather than as a binary blob.

You can declare the padding member explicitly, like we do for other similar structures in the server protocol.

See attached patch for one way to fix this. A macro is used to iterate over all of the struct's members, and it is used both to define the struct and to pack it into a BLOB (and to unpack it (not shown)). Patch not suggested for merge.

Is this the kind of thing you're interested in?

- Jefferson

On Sun, Apr 28, 2019 at 7:44 PM Alexandre Julliard julliard@winehq.org wrote:

> Jefferson Carpenter jeffersoncarpenter2@gmail.com writes:
>
>> From 12fe924328dd2317741db9db28cb9a2ad03a8692 Mon Sep 17 00:00:00 2001
>> From: Jefferson Carpenter jeffersoncarpenter2@gmail.com
>> Date: Sat, 27 Apr 2019 07:33:59 +0000
>> Subject: [PATCH] server: zero allocated memory after allocating mappings
>>
>> An uninitialized read occurs in the send_reply function, after get_mapping_info calls set_reply_data( &mapping->image, &c..
>
> Please try to figure out which field is not initialized and set it to a correct value, instead of hiding the problem by zeroing everything.
>
> -- Alexandre Julliard julliard@winehq.org
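The member-list macro approach Jefferson describes in his last message, as an added illustration rather than his attached patch or any Wine code: the struct (a constructed image_info_t with made-up fields, not pe_image_info_t), the byte count its members really hold, and a memberwise packer are all generated from one list, and poison_bytes_leaked_by_blob_copy() (also constructed, using 0xAA as stand-in allocator garbage) measures how many padding bytes a whole-struct copy would have exposed that the memberwise packing does not.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a server reply struct (not Wine's pe_image_info_t):
 * a 64-bit member then three 32-bit ones, so on the common 64-bit ABI sizeof()
 * is 24 while the members hold 20 bytes; the last 4 are compiler tail padding. */
#define IMAGE_INFO_MEMBERS(X) \
    X(uint64_t, base)         \
    X(uint32_t, entry_point)  \
    X(uint32_t, stack_size)   \
    X(uint32_t, machine)
/* The one member list is expanded to declare the struct ... */
#define DECLARE_MEMBER(type, name) type name;
typedef struct { IMAGE_INFO_MEMBERS(DECLARE_MEMBER) } image_info_t;
/* ... and again to sum the bytes the members themselves occupy. */
#define ADD_MEMBER_SIZE(type, name) + sizeof(type)
enum { IMAGE_INFO_DATA_SIZE = 0 IMAGE_INFO_MEMBERS(ADD_MEMBER_SIZE) };
/* Bytes of the struct that no member covers, i.e. padding. */
size_t image_info_padding_bytes(void) { return sizeof(image_info_t) - IMAGE_INFO_DATA_SIZE; }

/* Memberwise packing: copies member bytes only, so padding never reaches the
 * reply buffer. Returns bytes written, or 0 if the buffer is too small. */
size_t pack_image_info(const image_info_t *info, unsigned char *out, size_t out_len)
{
    size_t off = 0;
#define PACK_MEMBER(type, name)                      \
    if (off + sizeof(type) > out_len) return 0;      \
    memcpy(out + off, &info->name, sizeof(type));    \
    off += sizeof(type);
    IMAGE_INFO_MEMBERS(PACK_MEMBER)
#undef PACK_MEMBER
    return off;
}
/* Number of bytes in buf equal to v. */
size_t count_byte(const unsigned char *buf, size_t len, unsigned char v)
{   size_t n = 0; while (len--) n += (*buf++ == v); return n; }

/* Poisons a struct with 0xAA (standing in for whatever the allocator left
 * behind), assigns every member, then compares a whole-struct copy (what handing
 * the struct to set_reply_data amounts to) with the memberwise packing.
 * Returns how many poison bytes only the whole-struct copy exposes. */
size_t poison_bytes_leaked_by_blob_copy(void)
{
    image_info_t info;
    unsigned char blob[sizeof info], packed[sizeof info];
    memset(&info, 0xAA, sizeof info);
    info.base = 0x7ff600000000ULL; info.entry_point = 0x1000;
    info.stack_size = 0x100000;    info.machine = 0x8664;
    memcpy(blob, &info, sizeof info);
    pack_image_info(&info, packed, sizeof packed);
    return count_byte(blob, sizeof blob, 0xAA) - count_byte(packed, IMAGE_INFO_DATA_SIZE, 0xAA);
}
```

On a 64-bit build the leaked count is 4, the same tail-padding situation the thread found in pe_image_info_t; declaring that padding explicitly, as Alexandre suggests, is the other way to make the member sum equal sizeof().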