From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
To: linux-nfc@lists.01.org
Subject: [neard][PATCH] adapter: use sockaddr_storage to solve uninitialized sa_data access
Date: Sun, 10 Oct 2021 12:18:15 +0200 [thread overview]
Message-ID: <20211010101815.17964-1-krzysztof.kozlowski@canonical.com> (raw)
On x86_64 valgrind complains when reading a tag:
neard[15754]: src/tag.c:tag_initialize()
neard[15754]: src/tag.c:set_tag_type() protocol 0x8 sens_res 0x0 sel_res 0x0
neard[15754]: src/tag.c:set_tag_type() tag type 0x3
neard[15754]: src/tag.c:__near_tag_add() connection 0x513aeb0
neard[15754]: src/adapter.c:near_adapter_connect() idx 0
==15754== Syscall param socketcall.connect(serv_addr.sa_data) points to uninitialised byte(s)
==15754== at 0x4B45057: connect (connect.c:26)
==15754== by 0x1306D8: near_adapter_connect (adapter.c:1068)
==15754== by 0x130BB3: adapter_add_tag (adapter.c:754)
==15754== by 0x130BB3: __near_adapter_add_target (adapter.c:841)
==15754== by 0x13462D: get_targets_handler (netlink.c:574)
==15754== by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x134262: __nl_send_msg (netlink.c:151)
==15754== by 0x13494E: nfc_netlink_event_targets_found.isra.0 (netlink.c:627)
==15754== by 0x134DB4: nfc_netlink_event (netlink.c:780)
==15754== by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x13483B: __nfc_netlink_event (netlink.c:837)
==15754== by 0x13483B: __nfc_netlink_event (netlink.c:821)
==15754== Address 0x1ffefffa82 is on thread 1's stack
==15754== in frame #1, created by near_adapter_connect (adapter.c:1038)
==15754==
neard[15754]: src/tag.c:__near_tag_read() type 0x3
neard[15754]: src/adapter.c:__near_adapter_stop_check_presence()
neard[15754]: src/tag.c:__near_tag_read() driver type 0x1
neard[15754]: src/tag.c:__near_tag_read() driver type 0x2
neard[15754]: src/tag.c:__near_tag_read() driver type 0x3
Due to alignment, the actual sizeof(sockaddr_nfc) is 16 bytes, but only the
first 14 bytes are initialized. Valgrind complains about the remaining two
bytes. Solve it by using a more generic storage type, sockaddr_storage.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
---
src/adapter.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index e0ab8c5d6055..a0042b9dce87 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -1036,9 +1036,10 @@ static gboolean adapter_recv_event(GIOChannel *channel, GIOCondition condition,
int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
{
+ struct sockaddr_storage addr_storage = {};
struct near_adapter *adapter;
+ struct sockaddr_nfc *addr;
struct near_tag *tag;
- struct sockaddr_nfc addr;
int err, sock;
DBG("idx %u", idx);
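Review bot: `struct sockaddr_storage addr_storage = {};` relies on the empty-brace initializer, a GNU extension that only became standard in C23, so it warns under -pedantic; `= { 0 }` or an explicit `memset(&addr_storage, 0, sizeof(addr_storage))` placed after the declarations is portable. If the only goal is to zero the padding bytes, keeping `struct sockaddr_nfc addr;` and adding `memset(&addr, 0, sizeof(addr));` would also do it without the second variable and the pointer cast, though the larger zeroed storage object is an acceptable choice as well.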
@@ -1059,12 +1060,13 @@ int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
if (sock == -1)
return -errno;
- addr.sa_family = AF_NFC;
- addr.dev_idx = idx;
- addr.target_idx = target_idx;
- addr.nfc_protocol = protocol;
+ addr = (struct sockaddr_nfc *)&addr_storage;
+ addr->sa_family = AF_NFC;
+ addr->dev_idx = idx;
+ addr->target_idx = target_idx;
+ addr->nfc_protocol = protocol;
- err = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
+ err = connect(sock, (struct sockaddr *) addr, sizeof(*addr));
if (err) {
close(sock);
return -errno;
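Review bot: the error path in the unchanged context lines, `close(sock);` followed by `return -errno;`, can report the wrong error, because close() may overwrite errno before it is read; this predates the patch, but since the function is being touched it is worth saving it first (`err = -errno; close(sock); return err;`). The length argument `sizeof(*addr)` correctly stays the size of struct sockaddr_nfc rather than sizeof(addr_storage), so the kernel receives the same length as before; keep it that way.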
--
2.30.2
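The commit message above explains the bug as a size mismatch: the struct is 16 bytes, the named fields cover 14, and the leftover padding is handed to connect() uninitialised. The following C program is an added example written for this page, not code from neard or the kernel. It uses a stand-in struct (assumed to have the same field names as the hunk and the widths of a 16-bit family plus three 32-bit fields, which reproduces the 16/14 split on x86_64), locates the padding with offsetof() rather than assuming where it sits, and then measures how many "stale" bytes survive when the fields are assigned one by one versus when the whole object is zeroed first, as the patch does through sockaddr_storage.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for the kernel's struct sockaddr_nfc (assumption: a 16-bit
 * address family followed by three 32-bit fields). Field names follow the
 * hunk above; the widths are assumed, not taken from the page.
 */
struct nfc_addr_like {
    uint16_t sa_family;
    uint32_t dev_idx;
    uint32_t target_idx;
    uint32_t nfc_protocol;
};

/* Byte pattern standing in for whatever was left on the stack. */
#define POISON 0xAAu

/* Overlay the struct with a byte view so its padding can be inspected. */
union probe {
    struct nfc_addr_like addr;
    unsigned char raw[sizeof(struct nfc_addr_like)];
};

#define FIELD_SIZE(type, f) sizeof(((type *)0)->f)

/* Non-zero if byte offset `off` lies inside the named field `f`. */
#define IN_FIELD(type, f, off) \
    ((off) >= offsetof(type, f) && (off) < offsetof(type, f) + FIELD_SIZE(type, f))

/* Number of bytes in the struct that belong to no named field. */
size_t padding_bytes(void)
{
    size_t named = FIELD_SIZE(struct nfc_addr_like, sa_family) +
                   FIELD_SIZE(struct nfc_addr_like, dev_idx) +
                   FIELD_SIZE(struct nfc_addr_like, target_idx) +
                   FIELD_SIZE(struct nfc_addr_like, nfc_protocol);
    return sizeof(struct nfc_addr_like) - named;
}

/* Offset of the first byte not covered by any named field, or -1 if none. */
int first_padding_offset(void)
{
    for (size_t off = 0; off < sizeof(struct nfc_addr_like); off++) {
        if (IN_FIELD(struct nfc_addr_like, sa_family, off) ||
            IN_FIELD(struct nfc_addr_like, dev_idx, off) ||
            IN_FIELD(struct nfc_addr_like, target_idx, off) ||
            IN_FIELD(struct nfc_addr_like, nfc_protocol, off))
            continue;
        return (int)off;
    }
    return -1;
}

/*
 * Fill the fields the way the pre-patch code did, optionally zeroing the
 * whole object first, and count how many POISON bytes would still reach
 * the kernel in the connect() length window.
 */
static size_t poisoned_after_init(int zero_first)
{
    union probe p;
    size_t i, left = 0;

    memset(p.raw, POISON, sizeof p.raw);   /* simulated stale stack contents */
    if (zero_first)
        memset(&p.addr, 0, sizeof p.addr); /* the fix: zero the whole object */

    p.addr.sa_family = 39;      /* AF_NFC on Linux (assumed numeric value) */
    p.addr.dev_idx = 0;
    p.addr.target_idx = 1;
    p.addr.nfc_protocol = 0x8;  /* protocol value seen in the log above */

    for (i = 0; i < sizeof p.raw; i++)
        if (p.raw[i] == POISON)
            left++;
    return left;
}

size_t poisoned_bytes_after_field_init(void) { return poisoned_after_init(0); }
size_t poisoned_bytes_after_memset_init(void) { return poisoned_after_init(1); }

int main(void)
{
    printf("sizeof=%zu padding=%zu first padding offset=%d\n",
           sizeof(struct nfc_addr_like), padding_bytes(), first_padding_offset());
    printf("stale bytes handed to connect(): %zu (field-by-field), %zu (zeroed first)\n",
           poisoned_bytes_after_field_init(), poisoned_bytes_after_memset_init());
    return 0;
}
```

The union is used only so the test can read the padding back; in the real code the kernel is the reader, which is why valgrind flags the syscall parameter rather than any user-space access. Zeroing the exact struct with memset() and zeroing a larger sockaddr_storage and casting, as the patch does, are equivalent for this purpose; what matters is that the zeroing covers the full sizeof() that is later passed to connect().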