Bug 975721
| Summary: | out of bounds buffer access in loader/net.c | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Thomas Jarosch <thomas.jarosch> |
| Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | anaconda-maint-list, dshea, g.kaviyarasu, jonathan, mkolman, sbueno, vanmeeuwen+fedora |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-06-21 01:33:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
loader has been gone since f17. Thanks for checking. Sorry for the noise, I didn't notice I was on my f12 branch. Funnily the bug was fixed in 7c297f855a40daf8fd0419d4212514ac98936a0f though the commit log does not explicitly mention the root cause of the crash :) So RHEL6 is safe, too. Cheers, Thomas |
Hi, I quickly checked anaconda with cppcheck and found the following: [loader/net.c:983]: (error) Array 'have[2]' accessed at index 2, which is out of bounds. [loader/net.c:992]: (error) Array 'have[2]' accessed at index 2, which is out of bounds. [loader/net.c:1042]: (error) Array 'have[2]' accessed at index 2, which is out of bounds. [loader/net.c:1059]: (error) Array 'have[2]' accessed at index 2, which is out of bounds. [loader/net.c:1108]: (error) Array 'have[2]' accessed at index 2, which is out of bounds. [loader/net.c:761]: (error) Array 'stack[2]' accessed at index 2, which is out of bounds. [loader/net.c:844]: (error) Array 'stack[2]' accessed at index 2, which is out of bounds. [loader/net.c:1036]: (error) Array 'stack[2]' accessed at index 2, which is out of bounds. [loader/net.c:1108]: (error) Array 'stack[2]' accessed at index 2, which is out of bounds. ... The problem is the address family enum in isys/iface.h which looks like this: "enum { IPUNUSED, IPV4, IPV6 };" -> IPV6 will probably resolve to "2" for most compilers. How should we fix this? cppcheck reported also a bunch of bogus code: [loader/net.c:892] -> [loader/net.c:888]: (style) Duplicate conditions in 'if' and related 'else if'. loader/net.c:945] -> [loader/net.c:943]: (style) Duplicate conditions in 'if' and related 'else if'. [loader/moduleinfo.c:184] -> [loader/moduleinfo.c:182]: (style) Duplicate conditions in 'if' and related 'else if'. Cheers, Thomas