Avoid accessing uninitialised memory in net_crypto.
#386
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I thought about reviewing the entire calling stack to make sure this is okay. But instead, I'm just going to accept it because it's an obviously better fix. Reviewed 1 of 1 files at r1. Comments from Reviewable |
On x86 and x86_64, this change has no effect. On IA64, this fixes a potential hardware exception. A function returned a partially initialised value of aggregate type. The only caller of this function checks that the value is valid before accessing it by testing the one definitely initialised member. Therefore on x86 and derived architectures, there is no uninitialised memory access. On IA64, with the regular calling convention, the struct is allocated on the caller stack and passed as a pointer, so there the uninitialised memory is also never accessed. However, on calling conventions where one or more struct members past the first byte are passed in registers or copied in memory, this call can cause undefined behaviour. Specifically, the value can contain a trap representation of the integers (at the very least the 16 bit port) and cause a hardware exception and SIGFPE in userland. Regardless of the explanation above, this change fixes an instance of undefined behaviour that just happened to be OK on all systems we tested on.
|
Comments from Reviewable |
iphydf
added
refactor
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On x86 and x86_64, this change has no effect. On IA64, this fixes a
potential hardware exception. A function returned a partially initialised
value of aggregate type. The only caller of this function checks that the
value is valid before accessing it by testing the one definitely
initialised member. Therefore on x86 and derived architectures, there is
no uninitialised memory access. On IA64, with the regular calling
convention, the struct is allocated on the caller stack and passed as a
pointer, so there the uninitialised memory is also never accessed.
However, on calling conventions where one or more struct members past the
first byte are passed in registers or copied in memory, this call can
cause undefined behaviour.
Specifically, the value can contain a trap representation of the integers
(at the very least the 16 bit port) and cause a hardware exception and
SIGFPE in userland.
Regardless of the explanation above, this change fixes an instance of
undefined behaviour that just happened to be OK on all systems we tested
on.
This change is