diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2016-06-17 21:56:41 +0200 |
|---|---|---|
| committer | Arun Raghavan <arun@arunraghavan.net> | 2016-06-21 16:30:35 +0530 |
| commit | a07b6a8cda7fd088b60ab59186b486a7b0987282 (patch) | |
| tree | ed3bd7cca38085f64d1be848f25eb17891b7d2be /libpulse-mainloop-glib.pc.in | |
| parent | 3922bbe7eb94232cc097bc3b7a91f06b2db93df2 (diff) | |
| download | pulseaudio-a07b6a8cda7fd088b60ab59186b486a7b0987282.tar.gz | |
pstream: Fix use of uninitialized value: ancillary fd cleanup flag
As reported by valrgrind
==30002== Conditional jump or move depends on uninitialised value(s)
==30002== at 0x5CB883C: pa_cmsg_ancil_data_close_fds (pstream.c:193)
==30002== by 0x5CBB161: do_write (pstream.c:759)
==30002== by 0x5CB8B51: do_pstream_read_write (pstream.c:233)
==30002== by 0x5CB8EE8: io_callback (pstream.c:279)
...
The pa_cmsg_ancil_data structure has two main guards:
'creds_valid', which implies that it holds credentials
information, and 'nfd', which implies it holds file descriptors.
When code paths create a credentials ancillary data structure,
they just set the 'nfd' guard to zero. Typically, the rest of
pa_cmsg_ancil_data fields related to fds are _all_ left
_uninitialized_.
pa_cmsg_ancil_data_close_fds() has broken the above contract:
it accesses the new 'close_fds_on_cleanup' flag, which is related
to file descriptors, without checking the 'nfd == 0' guard first.
Fix this inconsistency.
Reported-by: Alexander E. Patrakov <patrakov@gmail.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Signed-off-by: Arun Raghavan <arun@arunraghavan.net>
Diffstat (limited to 'libpulse-mainloop-glib.pc.in')
0 files changed, 0 insertions, 0 deletions