| Summary: | CMSG_NXTHDR use uninitialized variable | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | flypig.zhu |
| Component: | glibc | Assignee: | Carlos O'Donell <codonell> |
| Status: | CLOSED DUPLICATE | QA Contact: | qe-baseos-tools-bugs |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | ashankar, fweimer, mnewsome, pfrankli |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-07 09:00:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
*** This bug has been marked as a duplicate of bug 1402299 *** |
Description of problem: Version-Release number of selected component (if applicable): glibc-2.17 _EXTERN_INLINE struct cmsghdr * __NTH (__cmsg_nxthdr (struct msghdr *__mhdr, struct cmsghdr *__cmsg)) { if ((size_t) __cmsg->cmsg_len < sizeof (struct cmsghdr)) /* The kernel header does this so there may be a reason. */ return (struct cmsghdr *) 0; __cmsg = (struct cmsghdr *) ((unsigned char *) __cmsg + CMSG_ALIGN (__cmsg->cmsg_len)); if ((unsigned char *) (__cmsg + 1) > ((unsigned char *) __mhdr->msg_control + __mhdr->msg_controllen) || ((unsigned char *) __cmsg + CMSG_ALIGN (__cmsg->cmsg_len) //__cmsg->cmsg_len is unitialized ****************************** > ((unsigned char *) __mhdr->msg_control + __mhdr->msg_controllen))) /* No more entries. */ return (struct cmsghdr *) 0; return __cmsg; } How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: