dirmngr: Avoid accessing uninitialized memory in log callback.
authorWerner Koch <wk@gnupg.org>
Tue, 16 Jun 2015 10:12:03 +0000 (12:12 +0200)
committerWerner Koch <wk@gnupg.org>
Tue, 16 Jun 2015 16:11:31 +0000 (18:11 +0200)
* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--

Example valgrind output:

==2921== Conditional jump or move depends on uninitialised value(s)
==2921==    at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921==    by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921==    by 0x433F5A: do_logv (logging.c:684)

This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this.  It is not a real problem because we
don't use the uninitialized bits.

Signed-off-by: Werner Koch <wk@gnupg.org>
dirmngr/dirmngr.c

index 3375a4a..a9efba9 100644 (file)
@@ -297,7 +297,7 @@ union int_and_ptr_u
 
 /* The key used to store the current file descriptor in the thread
    local storage.  We use this in conjunction with the
-   log_set_pid_suffix_cb feature..  */
+   log_set_pid_suffix_cb feature.  */
 #ifndef HAVE_W32_SYSTEM
 static int my_tlskey_current_fd;
 #endif
@@ -611,6 +611,7 @@ pid_suffix_callback (unsigned long *r_suffix)
 {
   union int_and_ptr_u value;
 
+  memset (&value, 0, sizeof value);
   value.aptr = npth_getspecific (my_tlskey_current_fd);
   *r_suffix = value.aint;
   return (*r_suffix != -1);  /* Use decimal representation.  */
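Review bot: The memset added at the top of pid_suffix_callback does not change what is read afterwards, because the next line stores through `value.aptr`, which — if aptr is the union's widest member, as the description's "sizeof aptr > sizeof aint" suggests — overwrites every byte the memset just cleared before `value.aint` is read; the same holds for the memset in start_connection_thread, where `argval.aptr = arg` precedes the read of `argval.afd`. Indeterminate bytes can only enter on the narrow-write/wide-read side, i.e. where a pointer is built from aint or afd, so these two reader-side memsets are harmless but not load-bearing. If they are kept as belt-and-braces, a one-line comment would stop a later cleanup from misreading their purpose, e.g. `/* Not needed for the read below (the store to aptr covers the whole union); kept for symmetry with the write sites.  */`. The alternative is to drop them and keep only the zeroing at the site that builds the pointer.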
@@ -1915,6 +1916,7 @@ start_connection_thread (void *arg)
   union int_and_ptr_u argval;
   gnupg_fd_t fd;
 
+  memset (&argval, 0, sizeof argval);
   argval.aptr = arg;
   fd = argval.afd;
 
@@ -2054,12 +2056,14 @@ handle_connections (assuan_fd_t listen_fd)
               union int_and_ptr_u argval;
              npth_t thread;
 
+              memset (&argval, 0, sizeof argval);
               argval.afd = fd;
               snprintf (threadname, sizeof threadname-1,
                         "conn fd=%d", FD2INT(fd));
               threadname[sizeof threadname -1] = 0;
 
-              ret = npth_create (&thread, &tattr, start_connection_thread, argval.aptr);
+              ret = npth_create (&thread, &tattr,
+                                 start_connection_thread, argval.aptr);
              if (ret)
                 {
                   log_error ("error spawning connection handler: %s\n",
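Review bot: The memset before `argval.afd = fd` is the one that actually addresses the report, since afd is narrower than aptr and the full `argval.aptr` is handed to npth_create two lines later, so without the zeroing the pointer's upper bytes would be indeterminate when they reach the new thread; nothing at that line says so. A short comment would make the intent survive future cleanups, e.g. `/* Clear the whole union: afd is narrower than aptr and the complete pointer is passed to the thread.  */`. The enclosing loop body in handle_connections begins before this hunk and the log_error call at its end continues past it.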