[PATCH] Fix an uninitialized read in (autogenerated?) code
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Jul 7 07:07:18 UTC 2015
Hi, Günther!
It seems PIDL is wrong here, at least it appears so.
Review&push appreciated!
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 531d7729a663edde00bb275971cb3d325e95e654 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 7 Jul 2015 08:56:47 +0200
Subject: [PATCH] libndr: Fix CID 1311245 Uninitialized pointer read
Before this patch we read _mem_save_messages_0 in line 100 without initializing
it. If this is autogenerated code, the autogenerator needs fixing.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/ndr/ndr_witness.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/librpc/ndr/ndr_witness.c b/librpc/ndr/ndr_witness.c
index 40586f4..d48e2d3 100644
--- a/librpc/ndr/ndr_witness.c
+++ b/librpc/ndr/ndr_witness.c
@@ -62,7 +62,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_witness_notifyResponse(struct ndr_pull *ndr,
{
uint32_t size_messages_0 = 0;
uint32_t cntr_messages_0;
- TALLOC_CTX *_mem_save_messages_0;
{
uint32_t _flags_save_STRUCT = ndr->flags;
ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
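Review bot: Whether librpc/ndr/ndr_witness.c is generator output should be settled before this is pushed, because it decides where the removal of the function-scope `TALLOC_CTX *_mem_save_messages_0;` belongs. If the file is generated, this hand edit is lost on the next regeneration and the same fix has to go into the generator, as the commit message itself suggests. If it is hand-maintained, the commit message can drop the conditional.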
@@ -83,6 +82,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_witness_notifyResponse(struct ndr_pull *ndr,
r->messages = NULL;
}
if (r->messages) {
+ TALLOC_CTX *_mem_save_messages_0;
size_messages_0 = r->num;
NDR_PULL_ALLOC_N(ndr, r->messages, size_messages_0);
_mem_save_messages_0 = NDR_PULL_GET_MEM_CTX(ndr);
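Review bot: The declaration added at the top of the `if (r->messages)` block is still uninitialized, and `NDR_PULL_ALLOC_N` runs between it and the assignment from `NDR_PULL_GET_MEM_CTX(ndr)`. Nothing visible reads the variable in that window, so the hunk is correct as posted. Writing `TALLOC_CTX *_mem_save_messages_0 = NULL;` would keep it safe if a statement is later inserted ahead of the assignment.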
@@ -96,8 +96,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_witness_notifyResponse(struct ndr_pull *ndr,
}
NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_messages, 4, r->length));
}
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0);
}
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0);
ndr->flags = _flags_save_witness_notifyResponse_message;
}
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
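Review bot: The commit message should state the condition under which the read happened rather than pointing at "line 100", which stops being meaningful once the file changes. From this hunk and the previous one, the old `NDR_PULL_SET_MEM_CTX(ndr, _mem_save_messages_0, 0)` sat outside the `if (r->messages)` block while the only assignment sat inside it, so the uninitialized pointer was read whenever `r->messages` was NULL. Moving the restore inside the block pairs it with the save and looks right; a one-line note of that NULL case in the message would make the fix self-explanatory.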
--
1.9.1