From: Allain Legacy
Subject: [PATCH 2/5] cfgfile: cfg object not initialized after allocation
Date: Thu, 2 Mar 2017 14:29:28 -0500
Message-ID: <1488482971-170522-3-git-send-email-allain.legacy@windriver.com>
In-Reply-To: <1488482971-170522-1-git-send-email-allain.legacy@windriver.com>
References: <1488482971-170522-1-git-send-email-allain.legacy@windriver.com>
List-Id: DPDK patches and discussions

After the call to malloc() the cfg object is only partially initialized with memset(). If parsing of the ini file fails because of a parsing error then the subsequent call to rte_cfgfile_close() segfaults due to uninitialized memory.

This is reproducible by attempting to parse an ini file that has a key=value entry before the first [section] statement.

Signed-off-by: Allain Legacy
---
 lib/librte_cfgfile/rte_cfgfile.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 603dd73..7a9206d 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -94,18 +94,19 @@ struct rte_cfgfile * int curr_entry = -1; char buffer[256] = {0}; int lineno = 0; + size_t size; struct rte_cfgfile *cfg = NULL; FILE *f = fopen(filename, "r"); if (f == NULL) return NULL; - cfg = malloc(sizeof(*cfg) + sizeof(cfg->sections[0]) * - allocated_sections); + size = sizeof(*cfg) + sizeof(cfg->sections[0]) * allocated_sections; + cfg = malloc(size); if (cfg == NULL) goto error2; - memset(cfg->sections, 0, sizeof(cfg->sections[0]) * allocated_sections); + memset(cfg, 0, size); while (fgets(buffer, sizeof(buffer), f) != NULL) { char *pos = NULL; -- 1.8.3.1
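Review bot: the malloc()/memset() pair in this hunk could be collapsed into `cfg = calloc(1, size);`, which zero-initializes the whole allocation in one step and removes the window between `if (cfg == NULL) goto error2;` and the memset() in which cfg exists but is not yet fully initialized; that also makes it impossible for a later refactor to reintroduce the partial clear. Widening the memset() from `sizeof(cfg->sections[0]) * allocated_sections` to the full `size` is the right fix for the described crash, since rte_cfgfile_close() must read header fields of cfg that the old code left uninitialized on the early-error path; it would help the reviewer if the commit message named which fields those are. Computing `size` once and reusing it for malloc() and memset() is a good change on its own, as the old code spelled the expression out twice and could have drifted.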