From daf042f41b1f34e59e1264744eae2a0bccfa9296 Mon Sep 17 00:00:00 2001
From: Noel Power
Date: Thu, 29 Oct 2015 11:11:00 +0000
Subject: [PATCH 1/5] remove many valgrind errors for base.lock test
mostly "Conditional jump or move depends on uninitialised value" & "Use of uninitialised value of size 8" errors, suspect this is related to compiler padding for the struct
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Fri Nov 6 00:16:53 CET 2015 on sn-devel-104
(cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)
---
source3/locking/brlock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 1a468d0..30f4cee 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1006,6 +1006,8 @@ NTSTATUS brl_lock(struct messaging_context *msg_ctx,
 NTSTATUS ret;
 struct lock_struct lock;
+ ZERO_STRUCT(lock);
+
 #if !ZERO_ZERO
 if (start == 0 && size == 0) {
 DEBUG(0,("client sent 0/0 lock - please report this\n"));
--
2.1.4
From 9fd599fef015d270a3c7e4c1d2618efbfa52d438 Mon Sep 17 00:00:00 2001
From: Noel Power
Date: Wed, 28 Oct 2015 21:17:42 +0000
Subject: [PATCH 2/5] fix uninitialised read in process_host_announce
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
(cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)
---
source3/nmbd/nmbd_incomingdgrams.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index 2dc684e..5a99fef 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -106,6 +106,8 @@ void process_host_announce(struct subnet_record *subrec, struct packet_struct *p
 struct server_record *servrec;
 unstring work_name;
 unstring source_name;
+ ZERO_STRUCT(source_name);
+ ZERO_STRUCT(announce_name);
 START_PROFILE(host_announce);
--
2.1.4
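Review bot: The new `ZERO_STRUCT(lock);` carries no comment, and the commit message only "suspects" padding, so the next reader will see every field assigned further down and may remove it as redundant. If lock_struct is compared or stored byte-wise (which the quoted "conditional jump depends on uninitialised value" reports suggest), uninitialised padding makes those comparisons nondeterministic and would carry stale stack bytes into whatever record the struct is copied to, and that is the reason the zeroing is needed; please record it next to the call: `/* zero the padding as well: lock_struct is handled byte-wise, so stale stack bytes must not survive */`. brl_lock's body continues outside the hunk.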
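Review bot: `work_name`, declared on the line just above the two new ZERO_STRUCT calls, is left uninitialised while `source_name` and `announce_name` are now zeroed, and nothing in the hunk shows why it is treated differently. If it is always fully written before it is read, a one-line comment saying so will keep the next valgrind pass from re-raising it; otherwise zero it with the others: `ZERO_STRUCT(work_name);`. `announce_name` is declared outside the hunk, so its type cannot be checked here, and process_host_announce continues past the hunk.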
From 4e14d0368f0a45f461c7832397bfb0488572ee70 Mon Sep 17 00:00:00 2001
From: Noel Power
Date: Wed, 28 Oct 2015 19:53:49 +0000
Subject: [PATCH 3/5] fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
(cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)
---
source3/smbd/trans2.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a937023..d1bc5b2 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2988,6 +2988,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 pdata = *ppdata;
 data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
+ /*
+ * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+ * error.
+ */
+ memset(pdata + total_data, 0, (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data);
 /* Realloc the params space */
 *pparams = (char *)SMB_REALLOC(*pparams, 6*SIZEOFWORD);
 if(*pparams == NULL ) {
--
2.1.4
From 0108985998724031e8f4c6b81f7a5a37ff767499 Mon Sep 17 00:00:00 2001
From: Noel Power
Date: Wed, 28 Oct 2015 17:08:28 +0000
Subject: [PATCH 4/5] fix 'Invalid read of size 1' in reply_search
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
(cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)
---
source3/smbd/reply.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 8d59412..31a33cd 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1587,7 +1587,7 @@ void reply_search(struct smb_request *req)
 {
 connection_struct *conn = req->conn;
 char *path = NULL;
- const char *mask = NULL;
+ char *mask = NULL;
 char *directory = NULL;
 struct smb_filename *smb_fname = NULL;
 char *fname = NULL;
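Review bot: The length handed to the new memset, `(max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data`, is not bounded anywhere in the hunk, and both operands originate in the client request; unless a check earlier in call_trans2findnext (outside the hunk) already guarantees total_data <= max_data_bytes + DIR_ENTRY_SAFETY_MARGIN, a larger total_data makes the subtraction wrap and the memset run past the end of *ppdata. Guard the call with a check that total_data lies within [0, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) and fail the request otherwise; the identical expression added to call_trans2findfirst in PATCH 5/5 needs the same guard. The comment also undersells the fix: the valgrind message it quotes is about writev(), so this tail of the buffer is sent to the client and what the zeroing prevents is disclosure of stale heap contents, not tool noise. Suggest `/* The unused tail of this buffer is sent to the client; zero it so stale heap contents are never disclosed. */` in place of the "squash valgrind" wording.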
@@ -1668,11 +1668,11 @@ void reply_search(struct smb_request *req)
 p = strrchr_m(directory,'/');
 if ((p != NULL) && (*directory != '/')) {
- mask = p + 1;
+ mask = talloc_strdup(ctx, p + 1);
 directory = talloc_strndup(ctx, directory, PTR_DIFF(p, directory));
 } else {
- mask = directory;
+ mask = talloc_strdup(ctx, directory);
 directory = talloc_strdup(ctx,".");
 }
@@ -1721,7 +1721,7 @@ void reply_search(struct smb_request *req)
 goto out;
 }
- mask = dptr_wcard(sconn, dptr_num);
+ mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));
 if (!mask) {
 goto SearchEmpty;
 }
@@ -1860,6 +1860,7 @@ void reply_search(struct smb_request *req)
 maxentries ));
 out:
 TALLOC_FREE(directory);
+ TALLOC_FREE(mask);
 TALLOC_FREE(smb_fname);
 END_PROFILE(SMBsearch);
 return;
--
2.1.4
From b7d8148dcf47487165bfa5fa008347c3b6a42aa8 Mon Sep 17 00:00:00 2001
From: Noel Power
Date: Wed, 28 Oct 2015 15:42:06 +0000
Subject: [PATCH 5/5] fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Reviewed-by: Volker Lendecke
(cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)
---
source3/smbd/trans2.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index d1bc5b2..41e1bb1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2641,7 +2641,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 }
 pdata = *ppdata;
 data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
-
+ /*
+ * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+ * error.
+ */
+ memset(pdata + total_data, 0, ((max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data));
 /* Realloc the params space */
 *pparams = (char *)SMB_REALLOC(*pparams, 10);
 if (*pparams == NULL) {
--
2.1.4
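Review bot: Both new `talloc_strdup()` results are stored in mask without a NULL check, in the if branch and the else branch alike, so an allocation failure leaves mask NULL for whatever reads it after this block. Unless the allocation-failure check that follows this block (outside the hunk) already covers mask as well as directory, extend it to `if (directory == NULL || mask == NULL)` and take the same error path the directory case takes. The else branch duplicates directory into mask before directory itself is replaced, so that ordering is correct and should stay. reply_search starts and ends outside the hunk.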
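Review bot: `talloc_strdup()` returns NULL both when its source string is NULL and when allocation fails, so the unchanged `if (!mask) { goto SearchEmpty; }` now reports an out-of-memory condition as an empty search result. If that is intended it deserves a comment; otherwise keep the two cases apart by testing the wildcard before duplicating it: `const char *wcard = dptr_wcard(sconn, dptr_num); if (wcard == NULL) goto SearchEmpty; mask = talloc_strdup(ctx, wcard);` followed by the function's usual allocation-failure handling. reply_search continues on both sides of the hunk.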
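Review bot: The five added lines are a verbatim copy of the block added to call_trans2findnext in PATCH 3/5, differing only in an extra pair of parentheses around the memset length, so the two copies will drift the first time one of them is touched. A small static helper taking pdata, total_data and the total buffer size, called from both places, would give the zeroing, and any bound on total_data it needs, a single home. The removed blank line after data_end was the only separator before the `/* Realloc the params space */` comment, so that comment now runs straight on from the memset; consider keeping it. call_trans2findfirst continues outside the hunk.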