This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [BZ 17542] sunrpc: conditional jump depends on uninitialised value in svc_getreq_common
- From: Andreas Schwab <schwab at suse dot de>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: bhubbard at redhat dot com, libc-alpha at sourceware dot org
- Date: Wed, 05 Nov 2014 10:31:31 +0100
- Subject: Re: [PATCH] [BZ 17542] sunrpc: conditional jump depends on uninitialised value in svc_getreq_common
- Authentication-results: sourceware.org; auth=none
- References: <54597868 dot 3060408 at redhat dot com> <mvmr3xif28d dot fsf at hawking dot suse dot de> <20141105091434 dot GJ17703 at spoyarek dot pnq dot redhat dot com>
Siddhesh Poyarekar <siddhesh@redhat.com> writes:
> On Wed, Nov 05, 2014 at 10:03:46AM +0100, Andreas Schwab wrote:
>> Brad Hubbard <bhubbard@redhat.com> writes:
>>
>> > Following is the valgrind warning.
>> >
>> > ==26802== Conditional jump or move depends on uninitialised value(s)
>> > ==26802== at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
>>
>> > ==26802== by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
>>
>> Why was svc_getreqset called with file descriptors that were never seen
>> by xprt_register?
>
> That is likely an application bug, but it might not be a bad idea to
> include the patch anyway. Failing the NULL check and returning seems
> better than allowing to dereference arbitrary pointer values.
But what does this have to do with "sock > _rpc_dtablesize()"?
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
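The failure mode discussed in the thread, as an added C example that is neither glibc's svc.c nor the patch under review: a hypothetical fd-indexed transport table with simplified svc_getreq/svc_getreqset analogues that skip descriptors lying outside the table or never registered, instead of dereferencing whatever the slot holds. All function names, the struct and the table size are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical model, not glibc code: transports indexed by socket fd. */
#define TABLE_SIZE 16                  /* stands in for _rpc_dtablesize() */

typedef struct { int fd; int requests; } svc_xprt;
static svc_xprt *xports[TABLE_SIZE];   /* static => NULL means "unregistered" */

/* Analogue of xprt_register: only fds inside the table get a slot. */
int xprt_register_fd(svc_xprt *xprt)
{
  if (xprt == NULL || xprt->fd < 0 || xprt->fd >= TABLE_SIZE)
    return -1;
  xports[xprt->fd] = xprt;
  return 0;
}

void xprt_unregister_fd(int fd)
{
  if (fd >= 0 && fd < TABLE_SIZE)
    xports[fd] = NULL;
}

/* Analogue of svc_getreq_common with both checks the thread mentions:
   the fd must be inside the table, and the slot must have been filled by
   registration. Returns 1 if handled, 0 if the fd was skipped. */
int svc_getreq_checked(int sock)
{
  if (sock < 0 || sock >= TABLE_SIZE)   /* the "sock > _rpc_dtablesize()" case */
    return 0;
  svc_xprt *xprt = xports[sock];
  if (xprt == NULL)                      /* never seen by xprt_register */
    return 0;
  xprt->requests++;                      /* safe to dereference only here */
  return 1;
}

/* Analogue of svc_getreqset: dispatch every ready fd, count those handled. */
int svc_getreqset_checked(const fd_set *readfds, int maxfd)
{
  int handled = 0;
  for (int fd = 0; fd < maxfd; fd++)
    if (FD_ISSET(fd, readfds))
      handled += svc_getreq_checked(fd);
  return handled;
}

int main(void)
{
  svc_xprt a = { 3, 0 };                 /* constructed sample transport */
  fd_set rs; FD_ZERO(&rs); FD_SET(3, &rs); FD_SET(5, &rs); FD_SET(40, &rs);
  xprt_register_fd(&a);
  printf("handled %d of 3 ready fds (5 unregistered, 40 beyond table)\n",
         svc_getreqset_checked(&rs, 64));
  return 0;
}
```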