From: Andre Noll Date: Sun, 11 May 2014 19:47:03 +0000 (+0200) Subject: recv: Don't segfault on invalid chunk values. X-Git-Tag: v0.5.3~6^2 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=0160a4e41a7985ee17e1732ea5e18604001d5726;p=paraslash.git recv: Don't segfault on invalid chunk values. If recv->open() fails, para_recv segfaults after ==10129== Conditional jump or move depends on uninitialised value(s) ==10129== at 0x41BA18A: vfprintf (vfprintf.c:1634) ==10129== by 0x41BE3D8: buffered_vfprintf (vfprintf.c:2311) ==10129== by 0x41B975C: vfprintf (vfprintf.c:1289) ==10129== by 0x804C6AF: stderr_log (in /home/maan/scm/paraslash/para_recv) ==10129== by 0x804A193: main (recv.c:114) This happens for example with the afh_receiver if the given start chunk is bigger than the end chunk, e.g. when para_recv is executed as ./para_recv -r 'afh -b -80 -e -89 -f foo.opus' The reason for the bug is we zero-out the stdout structure too late. Fix this by initializing the stdout task structure upfront rather than using memset(). This bug was introduced a year ago in commit b01605d7 (Avoid unwanted log messages during startup) which moved down the call to memset(). --- diff --git a/recv.c b/recv.c index 7a5549aa..f28809da 100644 --- a/recv.c +++ b/recv.c @@ -63,7 +63,7 @@ int main(int argc, char *argv[]) int ret, r_opened = 0, receiver_num; struct receiver *r = NULL; struct receiver_node rn; - struct stdout_task sot; + struct stdout_task sot = {.btrn = NULL}; static struct sched s; recv_cmdline_parser(argc, argv, &conf); @@ -89,7 +89,6 @@ int main(int argc, char *argv[]) goto out; r_opened = 1; - memset(&sot, 0, sizeof(struct stdout_task)); sot.btrn = btr_new_node(&(struct btr_node_description) EMBRACE(.parent = rn.btrn, .name = "stdout")); stdout_set_defaults(&sot);