From: Allain Legacy
Date: Thu, 2 Mar 2017 14:29:28 -0500
Message-ID: <1488482971-170522-3-git-send-email-allain.legacy@windriver.com>
In-Reply-To: <1488482971-170522-1-git-send-email-allain.legacy@windriver.com>
Subject: [dpdk-dev] [PATCH 2/5] cfgfile: cfg object not initialized after allocation

After the call to malloc() the cfg object is only partially initialized with memset(). If parsing of the ini file fails because of a parsing error then the subsequent call to rte_cfgfile_close() segfaults due to uninitialized memory.

This is reproducible by attempting to parse an ini file that has a key=value entry before the first [section] statement.

Signed-off-by: Allain Legacy
---
 lib/librte_cfgfile/rte_cfgfile.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 603dd73..7a9206d 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -94,18 +94,19 @@ struct rte_cfgfile * int curr_entry = -1; char buffer[256] = {0}; int lineno = 0; + size_t size; struct rte_cfgfile *cfg = NULL; FILE *f = fopen(filename, "r"); if (f == NULL) return NULL; - cfg = malloc(sizeof(*cfg) + sizeof(cfg->sections[0]) * - allocated_sections); + size = sizeof(*cfg) + sizeof(cfg->sections[0]) * allocated_sections; + cfg = malloc(size); if (cfg == NULL) goto error2; - memset(cfg->sections, 0, sizeof(cfg->sections[0]) * allocated_sections); + memset(cfg, 0, size); while (fgets(buffer, sizeof(buffer), f) != NULL) { char *pos = NULL; -- 1.8.3.1
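Review bot: malloc() immediately followed by memset(cfg, 0, size) is just calloc(1, size); using calloc would drop the separate `size` variable this hunk introduces and leave no window in which cfg exists partially initialized. If the explicit memset is kept, the change is otherwise the right fix: the whole block, not only the sections array, is now zeroed before any parse error in the fgets() loop can route to rte_cfgfile_close(), so the header fields ahead of sections[] no longer hold whatever malloc() left in the block.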
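The failure mode the commit message describes, as an added stand-alone example that is not DPDK code and does not use the rte_cfgfile API: a header-plus-flexible-array object is allocated with malloc(), only the array part is zeroed (pre-patch) or the whole block is zeroed (post-patch), the parser rejects a key=value line that precedes the first [section], and the close routine then trusts the section count in the header. The names cfg_alloc, cfg_parse and cfg_close, the fixed ALLOC_SECTIONS batch with no realloc growth, the 0xAA fill that stands in for stale heap contents, the range check in cfg_close, and both INI inputs are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOC_SECTIONS 4   /* assumption: fixed batch, no realloc growth */
#define MAX_ENTRIES    8
#define NAME_LEN       32

struct cfg_entry { char name[NAME_LEN]; char value[NAME_LEN]; };

struct cfg_section {
    char name[NAME_LEN];
    int num_entries;
    struct cfg_entry *entries;   /* per-section heap block, released by cfg_close() */
};

/* Header followed by a flexible array carved from the same malloc() block,
 * the layout the patch deals with. */
struct cfg {
    int num_sections;
    struct cfg_section sections[];
};

/* partial_init == 1 models the pre-patch code (only sections[] zeroed);
 * partial_init == 0 models the patched code (whole block zeroed).
 * The 0xAA fill is a constructed stand-in for a recycled heap block so the
 * uninitialized read below is deterministic instead of depending on malloc(). */
struct cfg *cfg_alloc(int partial_init)
{
    size_t size = sizeof(struct cfg) + sizeof(struct cfg_section) * ALLOC_SECTIONS;
    struct cfg *cfg = malloc(size);
    if (cfg == NULL)
        return NULL;
    memset(cfg, 0xAA, size);
    if (partial_init)
        memset(cfg->sections, 0, sizeof(struct cfg_section) * ALLOC_SECTIONS);
    else
        memset(cfg, 0, size);
    return cfg;
}

/* Minimal INI reader: 0 on success, -1 on a parse error. A key=value line
 * before the first [section] is an error; on error the caller is expected
 * to release cfg with cfg_close(), which is the path the patch fixes. */
int cfg_parse(struct cfg *cfg, const char *text)
{
    char line[128];
    int curr = -1;

    while (*text != '\0') {
        size_t n = strcspn(text, "\n");
        if (n >= sizeof(line)) return -1;
        memcpy(line, text, n); line[n] = '\0';
        text += n + (text[n] == '\n');

        if (line[0] == '\0' || line[0] == ';' || line[0] == '#')
            continue;
        if (line[0] == '[') {
            char *end = strchr(line, ']');
            if (end == NULL || curr + 1 >= ALLOC_SECTIONS) return -1;
            curr++;
            *end = '\0';
            snprintf(cfg->sections[curr].name, NAME_LEN, "%s", line + 1);
            cfg->sections[curr].entries = calloc(MAX_ENTRIES, sizeof(struct cfg_entry));
            if (cfg->sections[curr].entries == NULL) return -1;
            cfg->sections[curr].num_entries = 0;
            cfg->num_sections = curr + 1;   /* header is only written once a section exists */
            continue;
        }
        char *eq = strchr(line, '=');
        if (eq == NULL || curr < 0)         /* key=value before any [section] */
            return -1;
        struct cfg_section *s = &cfg->sections[curr];
        if (s->num_entries >= MAX_ENTRIES) return -1;
        *eq = '\0';
        snprintf(s->entries[s->num_entries].name, NAME_LEN, "%s", line);
        snprintf(s->entries[s->num_entries].value, NAME_LEN, "%s", eq + 1);
        s->num_entries++;
    }
    return 0;
}

/* Releases each section's entries, then the block. Returns the number of
 * sections released, or -1 when num_sections is a value this allocation
 * cannot hold: that is the garbage the pre-patch path handed to close, and
 * an unchecked loop would either skip the frees or walk past the block.
 * The range check is this example's own guard, not part of the patch. */
int cfg_close(struct cfg *cfg)
{
    if (cfg == NULL) return -1;
    if (cfg->num_sections < 0 || cfg->num_sections > ALLOC_SECTIONS) {
        free(cfg);                           /* the block pointer itself is still valid */
        return -1;
    }
    int n = cfg->num_sections;
    for (int i = 0; i < n; i++)
        free(cfg->sections[i].entries);
    free(cfg);
    return n;
}

/* The reproducer from the commit message: a key=value entry ahead of the
 * first [section]. Returns what cfg_close() reports on the error path. */
int run_failed_load(int partial_init)
{
    static const char bad_ini[] = "orphan=1\n[net]\nmtu=1500\n";   /* constructed input */
    struct cfg *cfg = cfg_alloc(partial_init);
    if (cfg == NULL) return -2;
    if (cfg_parse(cfg, bad_ini) == 0) { cfg_close(cfg); return -3; } /* must not parse */
    return cfg_close(cfg);
}

/* A valid file: both allocation styles behave the same, which is why the
 * bug only shows on the error path. */
int run_good_load(int partial_init)
{
    static const char good_ini[] = "[net]\nmtu=1500\n[dpdk]\ncores=4\n"; /* constructed input */
    struct cfg *cfg = cfg_alloc(partial_init);
    if (cfg == NULL) return -2;
    if (cfg_parse(cfg, good_ini) != 0) { cfg_close(cfg); return -3; }
    return cfg_close(cfg);
}

int main(void)
{
    printf("failed load, partial init: close -> %d\n", run_failed_load(1));
    printf("failed load, full init:    close -> %d\n", run_failed_load(0));
    printf("good load,   partial init: close -> %d\n", run_good_load(1));
    printf("good load,   full init:    close -> %d\n", run_good_load(0));
    return 0;
}
```

With the partial memset, the failed load leaves num_sections holding the poison pattern and cfg_close() refuses it; with the whole block zeroed, the same failed load closes cleanly with zero sections, which is the behaviour the patch restores for rte_cfgfile_close().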