[Bug 12931] Uninitialized stack variable in bbunzip.c

bugzilla at busybox.net bugzilla at busybox.net
Thu May 21 14:36:23 UTC 2020


https://bugs.busybox.net/show_bug.cgi?id=12931

--- Comment #2 from Denys Vlasenko <vda.linux at googlemail.com> ---
Can't reproduce:

unpack_bz2_stream()
{
        bunzip_data *bd;
...
        while (1) { /* "Process one BZ... stream" loop */
                jmp_buf jmpbuf;

                /* Setup for I/O error handling via longjmp */
                i = setjmp(jmpbuf);
                if (i == 0)
                        i = start_bunzip(&jmpbuf, &bd, xstate->src_fd, outbuf + 2, len);


static int FAST_FUNC start_bunzip(
                void *jmpbuf,
                bunzip_data **bdp,
                int in_fd,
                const void *inbuf, int len)
{
        bunzip_data *bd;
...
        /* Allocate bunzip_data.  Most fields initialize to zero. */
        bd = *bdp = xzalloc(i);

        bd->jmpbuf = jmpbuf;
...
        /* Ensure that file starts with "BZh['1'-'9']." */
        i = get_bits(bd, 16);


The above get_bits() will longjmp(*bd->jmpbuf) on short read. At which point bd
is initialized properly, and free(bd) will not bomb out.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
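The ordering the comment relies on (the out-parameter and its jmp_buf pointer are published before the first call that can longjmp, so the caller's free() always sees either NULL or the allocated block) as an added, self-contained C example. This is not BusyBox code: unpack_data, get_byte(), start_unpack(), unpack_stream() and the in-memory input buffers are constructed stand-ins for bunzip_data, get_bits(), start_bunzip() and the unpack_bz2_stream() loop body.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed example: error code carried through longjmp on a short read. */
#define ERR_SHORT_READ 2

/* Hypothetical decompressor state, modelled on the bunzip_data pattern
 * quoted in the comment above. */
typedef struct {
    jmp_buf *jmpbuf;            /* where get_byte() longjmps on I/O error */
    const unsigned char *in;    /* constructed in-memory input buffer */
    int in_len;
    int in_pos;
    unsigned magic;             /* first two input bytes, like the "BZh" check */
} unpack_data;

/* Stand-in for get_bits(): returns the next input byte, or longjmps
 * through the caller's jmp_buf when the input is exhausted. */
static unsigned get_byte(unpack_data *d)
{
    if (d->in_pos >= d->in_len)
        longjmp(*d->jmpbuf, ERR_SHORT_READ);
    return d->in[d->in_pos++];
}

/* Stand-in for start_bunzip(): the out-parameter *dp is written, and
 * d->jmpbuf set, BEFORE the first call that can longjmp. If these lines
 * came after get_byte(), the caller's pointer would still hold whatever
 * it held at setjmp() time when the error path reaches free(). */
static int start_unpack(jmp_buf *jmpbuf, unpack_data *volatile *dp,
                        const unsigned char *in, int len)
{
    unpack_data *d = *dp = calloc(1, sizeof(*d));
    unsigned hi, lo;

    if (d == NULL)
        return -1;              /* caller sees NULL; free(NULL) is a no-op */
    d->jmpbuf = jmpbuf;
    d->in = in;
    d->in_len = len;

    hi = get_byte(d);           /* may longjmp: d is already fully published */
    lo = get_byte(d);
    d->magic = (hi << 8) | lo;
    return 0;
}

/* Stand-in for the caller's loop body: returns 0 and the parsed magic on
 * success, the longjmp code on a short read; frees d on every path. */
int unpack_stream(const unsigned char *in, int len, unsigned *magic_out)
{
    /* volatile: modified (through dp) between setjmp() and longjmp(), which
     * C requires for the value to be reliable after the jump. Initialised
     * to NULL so free() is safe even if start_unpack() never ran. */
    unpack_data *volatile d = NULL;
    jmp_buf jmpbuf;
    int i;

    i = setjmp(jmpbuf);
    if (i == 0)
        i = start_unpack(&jmpbuf, &d, in, len);
    if (i == 0)
        *magic_out = d->magic;
    free(d);                    /* d is either NULL or the calloc'd block */
    return i;
}

/* Constructed inputs: a complete 2-byte header, a truncated one, and none. */
int demo_complete(void)
{
    static const unsigned char in[] = { 0x42, 0x5A, 0x68 };  /* "BZh" */
    unsigned magic = 0;
    int rc = unpack_stream(in, (int)sizeof in, &magic);
    return rc == 0 ? (int)magic : -1;
}

int demo_truncated(void)
{
    static const unsigned char in[] = { 0x42 };
    unsigned magic = 0;
    return unpack_stream(in, 1, &magic);
}

int demo_empty(void)
{
    unsigned magic = 0;
    return unpack_stream(NULL, 0, &magic);
}

int main(void)
{
    printf("complete: magic=0x%04X\n", demo_complete());
    printf("truncated: rc=%d\n", demo_truncated());
    printf("empty: rc=%d\n", demo_empty());
    return 0;
}
```

The `volatile` on the caller's pointer is the one thing the quoted BusyBox excerpt does not spell out: C leaves the value of a non-volatile automatic variable indeterminate after longjmp() if it was changed between setjmp() and the jump, and here it is changed through the out-parameter. Taking its address usually forces it into memory anyway, which is why the pattern works in practice, but marking it volatile makes the guarantee explicit.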
