[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using uninitialised value? (ITS#3086)

To: openldap-its@OpenLDAP.org
Subject: Re: using uninitialised value? (ITS#3086)
From: praveen@messagecare.com
Date: Thu, 15 Apr 2004 07:31:26 GMT

Full_Name: praveen n
Version: 2.1.29
OS: linux kernel 2.4.20-28.7
URL: ftp://ftp.openldap.org/incoming/praveenn-040415.txt
Submission from: (NULL) (203.147.138.233)


this issue does not seem to have an impact, but purify complains about using
uninitialised values in decode.c.

I could not find any issues but it this is there from openldap 2.0.23. My logs
are for openldap2.1.29.

ftp://ftp.openldap.org/incoming/praveenn-040415.txt has the full stack trace for
several functions using the 'culprit' line:

ber->ber_tag = *(unsigned char *)ber->ber_ptr;

I am not sure if the bug happens in the beginning or end of the ber_ptr array.
If you need anything else let me know.

UMR: Uninitialized memory read:
  * This is occurring while in:
        ber_skip_tag   [decode.c:148]
        ber_get_stringbv [decode.c:430]
        ber_get_stringa [decode.c:468]
        ber_scanf      [decode.c:675]
        try_read1msg   [result.c:678]
        wait4msg       [result.c:355]
  * Reading 1 byte from 0x840ea2c in the heap.
  * Address 0x840ea2c is 12 bytes into a malloc'd block at 0x840ea20 of 13
bytes.
  * This block was allocated from:
        malloc         [rtlib.o]
        ber_memalloc   [memory.c:212]
        ber_get_next   [io.c:640]
        try_read1msg   [result.c:451]
        wait4msg       [result.c:355]
        ldap_search_st [search.c:326]

Prev by Date: RE: 2.2.9 rel eng breaks limit checks (ITS#3085)
Next by Date: RE: using uninitialised value? (ITS#3086)
Index(es):
- Chronological
- Thread