[Bug 12931] Uninitialized stack variable in bbunzip.c
bugzilla at busybox.net
Thu May 21 14:36:23 UTC 2020
https://bugs.busybox.net/show_bug.cgi?id=12931
--- Comment #2 from Denys Vlasenko <vda.linux at googlemail.com> ---
Can't reproduce:
unpack_bz2_stream()
{
	bunzip_data *bd;
	...
	while (1) { /* "Process one BZ... stream" loop */
		jmp_buf jmpbuf;
		/* Setup for I/O error handling via longjmp */
		i = setjmp(jmpbuf);
		if (i == 0)
			i = start_bunzip(&jmpbuf, &bd, xstate->src_fd, outbuf + 2, len);

static int FAST_FUNC start_bunzip(
		void *jmpbuf,
		bunzip_data **bdp,
		int in_fd,
		const void *inbuf, int len)
{
	bunzip_data *bd;
	...
	/* Allocate bunzip_data. Most fields initialize to zero. */
	bd = *bdp = xzalloc(i);
	bd->jmpbuf = jmpbuf;
	...
	/* Ensure that file starts with "BZh['1'-'9']." */
	i = get_bits(bd, 16);
The above get_bits() will longjmp(*bd->jmpbuf) on a short read, at which point bd
is initialized properly, and free(bd) will not bomb out.
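An added example, not BusyBox code, that reproduces the setjmp()/longjmp() ordering the comment traces using hypothetical stand-ins (decoder, start_decode, read_u16 for bunzip_data, start_bunzip, get_bits) and adds the check a reviewer would want: the pointer is NULL-initialised before setjmp() and declared volatile, so free() is well defined on every unwind path, not only the one traced above.

```c
#include <setjmp.h>
#include <stdlib.h>

/* Hypothetical stand-ins for BusyBox's bunzip_data/start_bunzip/get_bits
 * (added example, not the project's code): a decoder state that carries
 * the caller's jmp_buf and a reader that longjmps on a short read. */
typedef struct {
    jmp_buf *jmpbuf;
    const unsigned char *in;
    int len, pos;
} decoder;

static int read_u16(decoder *d)
{
    if (d->pos + 2 > d->len)
        longjmp(*d->jmpbuf, -1);   /* short read: unwind to setjmp() */
    int v = (d->in[d->pos] << 8) | d->in[d->pos + 1];
    d->pos += 2;
    return v;
}

/* Stores the allocation in *dp and records jmpbuf BEFORE anything that can
 * longjmp, the ordering the bug comment relies on. Returns the 16-bit magic. */
static int start_decode(jmp_buf *jmpbuf, decoder *volatile *dp,
                        const unsigned char *in, int len)
{
    decoder *d = *dp = calloc(1, sizeof *d);
    if (!d)
        longjmp(*jmpbuf, -3);      /* *dp is NULL here, so free(*dp) is safe */
    d->jmpbuf = jmpbuf;
    d->in = in;
    d->len = len;
    return read_u16(d);            /* may longjmp; *dp is already valid */
}

/* Returns 0 for input starting with "BZ", -2 for other data, -1 on a short
 * read. `d` is volatile and NULL-initialised before setjmp(), so free(d) is
 * well defined on every path: locals modified after setjmp() are
 * indeterminate after longjmp() unless volatile (C11 7.13.2.1). */
int unpack_stream(const unsigned char *in, int len)
{
    decoder *volatile d = NULL;
    jmp_buf jmpbuf;
    int i = setjmp(jmpbuf);
    if (i == 0) {
        int magic = start_decode(&jmpbuf, &d, in, len);
        i = (magic == 0x425a) ? 0 : -2;   /* 0x425a is "BZ" */
    }
    free(d);
    return i;
}
```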