Red Hat Bugzilla – Attachment 652644 Details for Bug 880598: objdb: Don't read uninitialized memory in inc/dec
[patch] Proposed patch: 2012-11-27-0001-objdb-Don-t-read-uninitialized-memory-in-inc-dec.patch (text/plain), 3.24 KB, created by Jan Friesse on 2012-11-27 12:11:23 UTC
>From 41234a2a499ad72c04214e1c2cb71c4a265fb6d9 Mon Sep 17 00:00:00 2001 >From: Jan Friesse <jfriesse@redhat.com> >Date: Tue, 27 Nov 2012 13:04:17 +0100 >Subject: [PATCH] objdb: Don't read uninitialized memory in inc/dec > >When object_key_increment or _decrement is called on [u]int16 value, >uninitialized value is read as result value. > >Solution is to read really only 16-bits. > >Signed-off-by: Jan Friesse <jfriesse@redhat.com> >--- > exec/objdb.c | 24 ++++++++++++++---------- > 1 files changed, 14 insertions(+), 10 deletions(-) > >diff --git a/exec/objdb.c b/exec/objdb.c >index baadda3..5d7c124 100644 >--- a/exec/objdb.c >+++ b/exec/objdb.c >@@ -1100,26 +1100,33 @@ static int object_key_increment ( > switch (object_key->value_type) { > case OBJDB_VALUETYPE_INT16: > (*(int16_t *)object_key->value)++; >+ *value = *(int16_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT16: > (*(uint16_t *)object_key->value)++; >+ *value = *(uint16_t *)object_key->value; > break; > case OBJDB_VALUETYPE_INT32: > (*(int32_t *)object_key->value)++; >+ *value = *(int32_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT32: > (*(uint32_t *)object_key->value)++; >+ *value = *(uint32_t *)object_key->value; > break; > case OBJDB_VALUETYPE_INT64: > (*(int64_t *)object_key->value)++; >+ *value = *(int64_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT64: > (*(uint64_t *)object_key->value)++; >+ *value = *(uint64_t *)object_key->value; > break; > case OBJDB_VALUETYPE_ANY: > /* for backwards compatibilty */ > if (object_key->value_len == sizeof(int)) { > (*(int *)object_key->value)++; >+ *value = *(int *)object_key->value; > } > else { > res = -1; >@@ -1129,11 +1136,6 @@ static int object_key_increment ( > res = -1; > break; > } >- if (res == 0) { >- /* nasty, not sure why we need to return this typed >- * instead of void* */ >- *value = *(int *)object_key->value; >- } > } > else { > res = -1; 
>@@ -1187,26 +1189,33 @@ static int object_key_decrement ( > switch (object_key->value_type) { > case OBJDB_VALUETYPE_INT16: > (*(int16_t *)object_key->value)--; >+ *value = *(int16_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT16: > (*(uint16_t *)object_key->value)--; >+ *value = *(uint16_t *)object_key->value; > break; > case OBJDB_VALUETYPE_INT32: > (*(int32_t *)object_key->value)--; >+ *value = *(int32_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT32: > (*(uint32_t *)object_key->value)--; >+ *value = *(uint32_t *)object_key->value; > break; > case OBJDB_VALUETYPE_INT64: > (*(int64_t *)object_key->value)--; >+ *value = *(int64_t *)object_key->value; > break; > case OBJDB_VALUETYPE_UINT64: > (*(uint64_t *)object_key->value)--; >+ *value = *(uint64_t *)object_key->value; > break; > case OBJDB_VALUETYPE_ANY: > /* for backwards compatibilty */ > if (object_key->value_len == sizeof(int)) { > (*(int *)object_key->value)--; >+ *value = *(int *)object_key->value; > } > else { > res = -1; >@@ -1216,11 +1225,6 @@ static int object_key_decrement ( > res = -1; > break; > } >- if (res == 0) { >- /* nasty, not sure why we need to return this typed >- * instead of void* */ >- *value = *(int *)object_key->value; >- } > } > else { > res = -1; >-- >1.7.1 >
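Review bot: In the object_key_increment switch (hunk at -1100), the INT64 and UINT64 cases now assign a 64-bit read to *value, and the declaration of value is outside these hunks. If *value is int-sized, as the removed `*value = *(int *)object_key->value;` suggests, then `*value = *(int64_t *)object_key->value;` silently narrows, and the signed cases are converted if *value is unsigned. Either return -1 when the result does not fit in *value or state in a comment that the returned value is truncated for 64-bit keys. The commit message names only [u]int16, but the old int-wide read was also wrong for the 64-bit types, so it is worth saying there that their behaviour changes too.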
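Review bot: The object_key_decrement switch (hunk at -1187) repeats the same seven `*value = *(T *)object_key->value;` assignments that were added to object_key_increment, so the two functions can drift apart on the next change. Consider a small static helper that reads object_key->value at the width given by value_type and call it once after the switch when res == 0, which is where the removed block sat. The deleted comment ("nasty, not sure why we need to return this typed instead of void*") was the only explanation of the out-parameter; a one-line comment saying that each case must read at its own width to avoid touching bytes beyond value_len would keep the reason for this fix visible in the code.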