Avoid accessing uninitialised memory in net_crypto.

On x86 and x86_64, this change has no effect. On IA64, this fixes a
potential hardware exception. A function returned a partially initialised
value of aggregate type. The only caller of this function checks that the
value is valid before accessing it by testing the one definitely
initialised member. Therefore on x86 and derived architectures, there is
no uninitialised memory access. On IA64, with the regular calling
convention, the struct is allocated on the caller stack and passed as a
pointer, so there the uninitialised memory is also never accessed.
However, on calling conventions where one or more struct members past the
first byte are passed in registers or copied in memory, this call can
cause undefined behaviour.

Specifically, the value can contain a trap representation of the integers
(at the very least the 16 bit port) and cause a hardware exception and
SIGFPE in userland.

Regardless of the explanation above, this change fixes an instance of
undefined behaviour that just happened to be OK on all systems we tested
on.
iphydf 2017-01-05 16:23:42 +00:00
parent 3fb683115c
commit 9d56db3a54
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9

@ -463,8 +463,7 @@ static int add_ip_port_connection(Net_Crypto *c, int crypt_connection_id, IP_Por
*/ */
static IP_Port return_ip_port_connection(Net_Crypto *c, int crypt_connection_id) static IP_Port return_ip_port_connection(Net_Crypto *c, int crypt_connection_id)
{ {
IP_Port empty; const IP_Port empty = {{0}};
empty.ip.family = 0;
Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id); Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
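
Review bot: In return_ip_port_connection, replacing the explicit `empty.ip.family = 0;` with `const IP_Port empty = {{0}};` makes the "invalid" marker implicit. The commit message says the only caller tests one member to decide whether the value is valid, and that member is now zero only as a side effect of the initialiser. A short comment on the declaration stating that a zero `ip.family` is what callers check would keep that contract visible to whoever changes the initialiser or the struct layout later.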