RTEMS | posix/aio_misc.c/rtems_aio_search_fd(): Uninitialized pointer read (#5131)
Alessandro Nardin (@AlessandroNardin)
gitlab at rtems.org
Tue Sep 24 15:51:49 UTC 2024
Alessandro Nardin created an issue: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5131
## Summary
Coverity CID 1512510
Incorrect values could be read from an arbitrary memory location, causing incorrect computations.
In rtems_aio_search_fd: Reads an uninitialized pointer or its target
```
298 } else {
>>> 11. alloc_fn: Calling malloc which returns uninitialized memory.
>>> 12. assign: Assigning: r_chain = malloc(128U), which points to uninitialized data.
299 r_chain = malloc( sizeof( rtems_aio_request_chain ) );
300 rtems_chain_initialize_empty( &r_chain->perfd );
301 rtems_chain_initialize_node( &r_chain->next_fd );
302
>>> 13. Condition rtems_chain_is_empty(chain), taking true branch.
303 if ( rtems_chain_is_empty( chain ) )
>>> CID 1512510: (#1 of 1): Uninitialized pointer read (UNINIT)
>>> 14. uninit_use_in_call: Using uninitialized value r_chain->next_fd.next when calling rtems_chain_prepend.
304 rtems_chain_prepend( chain, &r_chain->next_fd );
305 else
306 rtems_chain_insert( rtems_chain_previous( node ), &r_chain->next_fd );
```