* [linux-nfc] [neard][PATCH] adapter: use sockaddr_storage to solve uninitialized sa_data access
@ 2021-10-10 10:18 ` Krzysztof Kozlowski
  0 siblings, 0 replies; 2+ messages in thread
From: Krzysztof Kozlowski @ 2021-10-10 10:18 UTC (permalink / raw)
  To: linux-nfc; +Cc: Krzysztof Kozlowski

On x86_64 valgrind complains when reading a tag:

    neard[15754]: src/tag.c:tag_initialize()
    neard[15754]: src/tag.c:set_tag_type() protocol 0x8 sens_res 0x0 sel_res 0x0
    neard[15754]: src/tag.c:set_tag_type() tag type 0x3
    neard[15754]: src/tag.c:__near_tag_add() connection 0x513aeb0
    neard[15754]: src/adapter.c:near_adapter_connect() idx 0
    ==15754== Syscall param socketcall.connect(serv_addr.sa_data) points to uninitialised byte(s)
    ==15754==    at 0x4B45057: connect (connect.c:26)
    ==15754==    by 0x1306D8: near_adapter_connect (adapter.c:1068)
    ==15754==    by 0x130BB3: adapter_add_tag (adapter.c:754)
    ==15754==    by 0x130BB3: __near_adapter_add_target (adapter.c:841)
    ==15754==    by 0x13462D: get_targets_handler (netlink.c:574)
    ==15754==    by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x134262: __nl_send_msg (netlink.c:151)
    ==15754==    by 0x13494E: nfc_netlink_event_targets_found.isra.0 (netlink.c:627)
    ==15754==    by 0x134DB4: nfc_netlink_event (netlink.c:780)
    ==15754==    by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x13483B: __nfc_netlink_event (netlink.c:837)
    ==15754==    by 0x13483B: __nfc_netlink_event (netlink.c:821)
    ==15754==  Address 0x1ffefffa82 is on thread 1's stack
    ==15754==  in frame #1, created by near_adapter_connect (adapter.c:1038)
    ==15754==
    neard[15754]: src/tag.c:__near_tag_read() type 0x3
    neard[15754]: src/adapter.c:__near_adapter_stop_check_presence()
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x1
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x2
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x3

Due to alignment the actual sizeof(sockaddr_nfc) is 16 bytes, but only
the first 14 bytes are initialized.  Valgrind complains about the remaining
two bytes.  Solve it by using the more generic storage type, sockaddr_storage.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
---
 src/adapter.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index e0ab8c5d6055..a0042b9dce87 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -1036,9 +1036,10 @@ static gboolean adapter_recv_event(GIOChannel *channel, GIOCondition condition,
 
 int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 {
+	struct sockaddr_storage addr_storage = {};
 	struct near_adapter *adapter;
+	struct sockaddr_nfc *addr;
 	struct near_tag *tag;
-	struct sockaddr_nfc addr;
 	int err, sock;
 
 	DBG("idx %u", idx);
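Review bot: The first added line, `struct sockaddr_storage addr_storage = {};`, uses an empty initializer that is only standard in C23; under `-std=c11 -pedantic` GCC and Clang warn that ISO C forbids empty initializer braces, and older compilers reject it outright. The portable spelling is `struct sockaddr_storage addr_storage = {0};`, and if the goal is specifically to clear the padding bytes that valgrind flagged, the only form C11 guarantees for an automatic object is `memset(&addr_storage, 0, sizeof addr_storage);` (brace initialization leaves padding unspecified by the standard, although GCC zeroes it in practice). The same applies to the duplicated copy of this hunk further down the page. near_adapter_connect continues past the end of this hunk.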
@@ -1059,12 +1060,13 @@ int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 	if (sock == -1)
 		return -errno;
 
-	addr.sa_family = AF_NFC;
-	addr.dev_idx = idx;
-	addr.target_idx = target_idx;
-	addr.nfc_protocol = protocol;
+	addr = (struct sockaddr_nfc *)&addr_storage;
+	addr->sa_family = AF_NFC;
+	addr->dev_idx = idx;
+	addr->target_idx = target_idx;
+	addr->nfc_protocol = protocol;
 
-	err = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
+	err = connect(sock, (struct sockaddr *) addr, sizeof(*addr));
 	if (err) {
 		close(sock);
 		return -errno;
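Review bot: The `return -errno;` that follows the rewritten connect() call reads errno only after `close(sock)` has run, so a failing close() can replace the connect() error code with its own; capture it first, e.g. `err = -errno; close(sock); return err;`. These error-path lines are pre-existing context rather than part of the change, but since the hunk rewrites the connect() call directly above them it is a natural place to fix the ordering. The same error path appears in the duplicated copy of this hunk further down the page. near_adapter_connect continues past the end of this hunk.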
-- 
2.30.2


* [neard][PATCH] adapter: use sockaddr_storage to solve uninitialized sa_data access
@ 2021-10-10 10:18 ` Krzysztof Kozlowski
  0 siblings, 0 replies; 2+ messages in thread
From: Krzysztof Kozlowski @ 2021-10-10 10:18 UTC (permalink / raw)
  To: linux-nfc


On x86_64 valgrind complains when reading a tag:

    neard[15754]: src/tag.c:tag_initialize()
    neard[15754]: src/tag.c:set_tag_type() protocol 0x8 sens_res 0x0 sel_res 0x0
    neard[15754]: src/tag.c:set_tag_type() tag type 0x3
    neard[15754]: src/tag.c:__near_tag_add() connection 0x513aeb0
    neard[15754]: src/adapter.c:near_adapter_connect() idx 0
    ==15754== Syscall param socketcall.connect(serv_addr.sa_data) points to uninitialised byte(s)
    ==15754==    at 0x4B45057: connect (connect.c:26)
    ==15754==    by 0x1306D8: near_adapter_connect (adapter.c:1068)
    ==15754==    by 0x130BB3: adapter_add_tag (adapter.c:754)
    ==15754==    by 0x130BB3: __near_adapter_add_target (adapter.c:841)
    ==15754==    by 0x13462D: get_targets_handler (netlink.c:574)
    ==15754==    by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x134262: __nl_send_msg (netlink.c:151)
    ==15754==    by 0x13494E: nfc_netlink_event_targets_found.isra.0 (netlink.c:627)
    ==15754==    by 0x134DB4: nfc_netlink_event (netlink.c:780)
    ==15754==    by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
    ==15754==    by 0x13483B: __nfc_netlink_event (netlink.c:837)
    ==15754==    by 0x13483B: __nfc_netlink_event (netlink.c:821)
    ==15754==  Address 0x1ffefffa82 is on thread 1's stack
    ==15754==  in frame #1, created by near_adapter_connect (adapter.c:1038)
    ==15754==
    neard[15754]: src/tag.c:__near_tag_read() type 0x3
    neard[15754]: src/adapter.c:__near_adapter_stop_check_presence()
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x1
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x2
    neard[15754]: src/tag.c:__near_tag_read() driver type 0x3

Due to alignment the actual sizeof(sockaddr_nfc) is 16 bytes, but only
the first 14 bytes are initialized.  Valgrind complains about the remaining
two bytes.  Solve it by using the more generic storage type, sockaddr_storage.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
---
 src/adapter.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index e0ab8c5d6055..a0042b9dce87 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -1036,9 +1036,10 @@ static gboolean adapter_recv_event(GIOChannel *channel, GIOCondition condition,
 
 int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 {
+	struct sockaddr_storage addr_storage = {};
 	struct near_adapter *adapter;
+	struct sockaddr_nfc *addr;
 	struct near_tag *tag;
-	struct sockaddr_nfc addr;
 	int err, sock;
 
 	DBG("idx %u", idx);
@@ -1059,12 +1060,13 @@ int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 	if (sock == -1)
 		return -errno;
 
-	addr.sa_family = AF_NFC;
-	addr.dev_idx = idx;
-	addr.target_idx = target_idx;
-	addr.nfc_protocol = protocol;
+	addr = (struct sockaddr_nfc *)&addr_storage;
+	addr->sa_family = AF_NFC;
+	addr->dev_idx = idx;
+	addr->target_idx = target_idx;
+	addr->nfc_protocol = protocol;
 
-	err = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
+	err = connect(sock, (struct sockaddr *) addr, sizeof(*addr));
 	if (err) {
 		close(sock);
 		return -errno;
-- 
2.30.2

