author | Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> | 2021-10-10 11:53:08 +0200 |
---|---|---|
committer | Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> | 2021-10-10 12:19:30 +0200 |
commit | 343ab2c8aa9994d28265c3d5e8e0b4d988815262 (patch) | |
tree | cd28885a8a3abee316a703f25b19d4cf1b205ab4 | |
parent | 07e36d001fdca2aa650ddeb92044d47f684ee0ac (diff) | |
adapter: use sockaddr_storage to solve uninitialized sa_data access
On x86_64 valgrind complains when reading a tag:
neard[15754]: src/tag.c:tag_initialize()
neard[15754]: src/tag.c:set_tag_type() protocol 0x8 sens_res 0x0 sel_res 0x0
neard[15754]: src/tag.c:set_tag_type() tag type 0x3
neard[15754]: src/tag.c:__near_tag_add() connection 0x513aeb0
neard[15754]: src/adapter.c:near_adapter_connect() idx 0
==15754== Syscall param socketcall.connect(serv_addr.sa_data) points to uninitialised byte(s)
==15754== at 0x4B45057: connect (connect.c:26)
==15754== by 0x1306D8: near_adapter_connect (adapter.c:1068)
==15754== by 0x130BB3: adapter_add_tag (adapter.c:754)
==15754== by 0x130BB3: __near_adapter_add_target (adapter.c:841)
==15754== by 0x13462D: get_targets_handler (netlink.c:574)
==15754== by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x134262: __nl_send_msg (netlink.c:151)
==15754== by 0x13494E: nfc_netlink_event_targets_found.isra.0 (netlink.c:627)
==15754== by 0x134DB4: nfc_netlink_event (netlink.c:780)
==15754== by 0x4A11DF0: nl_recvmsgs_report (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x4A122CC: nl_recvmsgs (in /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0)
==15754== by 0x13483B: __nfc_netlink_event (netlink.c:837)
==15754== by 0x13483B: __nfc_netlink_event (netlink.c:821)
==15754== Address 0x1ffefffa82 is on thread 1's stack
==15754== in frame #1, created by near_adapter_connect (adapter.c:1038)
==15754==
neard[15754]: src/tag.c:__near_tag_read() type 0x3
neard[15754]: src/adapter.c:__near_adapter_stop_check_presence()
neard[15754]: src/tag.c:__near_tag_read() driver type 0x1
neard[15754]: src/tag.c:__near_tag_read() driver type 0x2
neard[15754]: src/tag.c:__near_tag_read() driver type 0x3
Due to alignment, the actual sizeof(struct sockaddr_nfc) is 16 bytes, but only
the first 14 bytes are initialized, so valgrind complains about the remaining two
bytes. Solve it by using the more generic storage type, sockaddr_storage.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
-rw-r--r-- | src/adapter.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/adapter.c b/src/adapter.c
index e0ab8c5..a0042b9 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -1036,9 +1036,10 @@ static gboolean adapter_recv_event(GIOChannel *channel, GIOCondition condition,
 int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 {
+	struct sockaddr_storage addr_storage = {};
 	struct near_adapter *adapter;
+	struct sockaddr_nfc *addr;
 	struct near_tag *tag;
-	struct sockaddr_nfc addr;
 	int err, sock;
 
 	DBG("idx %u", idx);
 
@@ -1059,12 +1060,13 @@ int near_adapter_connect(uint32_t idx, uint32_t target_idx, uint8_t protocol)
 	if (sock == -1)
 		return -errno;
 
-	addr.sa_family = AF_NFC;
-	addr.dev_idx = idx;
-	addr.target_idx = target_idx;
-	addr.nfc_protocol = protocol;
+	addr = (struct sockaddr_nfc *)&addr_storage;
+	addr->sa_family = AF_NFC;
+	addr->dev_idx = idx;
+	addr->target_idx = target_idx;
+	addr->nfc_protocol = protocol;
 
-	err = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
+	err = connect(sock, (struct sockaddr *) addr, sizeof(*addr));
 	if (err) {
 		close(sock);
 		return -errno;
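Review bot: The new `addr = (struct sockaddr_nfc *)&addr_storage;` line writes a sockaddr_nfc through storage declared as sockaddr_storage, a type pun that compilers conventionally tolerate for the sockaddr family but that strict-aliasing rules do not formally permit, and the first hunk's `= {}` empty-brace initializer is a GNU extension before C23, so it depends on the project's compiler flags. A smaller change that avoids both would keep the original `struct sockaddr_nfc addr;` and add `memset(&addr, 0, sizeof(addr));` ahead of the field assignments, which zeroes the two padding bytes valgrind reported just as reliably and leaves the `connect()` call untouched. If the sockaddr_storage indirection is kept, a one-line comment above the cast such as `/* zero-initialized storage so sockaddr_nfc's padding bytes are defined before connect() */` would record why the extra variable exists. near_adapter_connect continues outside this hunk.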