[PATCH 1/2] sock: fix bitwise OR operation short circuit

Dmitry V. Levin ldv at altlinux.org
Thu Dec 22 23:03:02 UTC 2016


On Mon, Dec 19, 2016 at 11:33:46PM +0800, JingPiao Chen wrote:
> sock.c: 150
> 
> 150         if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
> 151                 if (ifc.ifc_buf)
> 152                         tprints("}");
> 153                 else
> 154                         printaddr(addr);
> 155                 return RVAL_DECODED | 1;
> 156         }
> 
> On the second entry into function decode_ifconf(), if syserror(tcp) is true,
> variable ifc holds a garbage value. "if (ifc.ifc_buf)" may be wrong.

Congratulations, you've found a bug. :)

> From 5b2d4f12d61e5a03212de948508e830c9aeeef87 Mon Sep 17 00:00:00 2001
> From: JingPiao Chen <chenjingpiao at gmail.com>
> Date: Mon, 19 Dec 2016 23:08:09 +0800
> Subject: [PATCH 1/2] sock: fix bitwise OR operation short circuit
> 
> * sock.c (decode_ifconf): Exchange the place of syserror() and umove().
> ---
>  sock.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/sock.c b/sock.c
> index cf13896..0bdb7a9 100644
> --- a/sock.c
> +++ b/sock.c
> @@ -147,7 +147,7 @@ decode_ifconf(struct tcb *tcp, const long addr)
>   return 1;
>   }
> 
> - if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
> + if (umove(tcp, addr, &ifc) < 0 || syserror(tcp)) {
>   if (ifc.ifc_buf)
>   tprints("}");
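
Review bot: The `if (ifc.ifc_buf)` test inside the branch still reads `ifc` when `umove(tcp, addr, &ifc) < 0` is the operand that made the condition true, so reordering the two operands only moves the uninitialized read from the syserror() path to the umove() failure path. Split the condition so that `ifc.ifc_buf` is consulted only on a path where umove() has succeeded, and fall back to `printaddr(addr)` when it has not. Separately, the subject line says "bitwise OR", but the operator on the changed line is the logical `||`; the commit message should say so.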

This cannot be the right fix:
if umove returned an error, ifc.ifc_buf is undefined.


-- 
ldv