From 0160a4e41a7985ee17e1732ea5e18604001d5726 Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@systemlinux.org>
Date: Sun, 11 May 2014 21:47:03 +0200
Subject: [PATCH] recv: Don't segfault on invalid chunk values.

If recv->open() fails, para_recv segfaults after

	==10129== Conditional jump or move depends on uninitialised value(s)
	==10129==    at 0x41BA18A: vfprintf (vfprintf.c:1634)
	==10129==    by 0x41BE3D8: buffered_vfprintf (vfprintf.c:2311)
	==10129==    by 0x41B975C: vfprintf (vfprintf.c:1289)
	==10129==    by 0x804C6AF: stderr_log (in /home/maan/scm/paraslash/para_recv)
	==10129==    by 0x804A193: main (recv.c:114)

This happens for example with the afh_receiver if the given start
chunk is bigger than the end chunk, e.g. when para_recv is executed as

	./para_recv -r 'afh -b -80 -e -89 -f foo.opus'

The reason for the bug is we zero-out the stdout structure too late.
Fix this by initializing the stdout task structure upfront rather
than using memset().

This bug was introduced a year ago in commit b01605d7 (Avoid unwanted
log messages during startup) which moved down the call to memset().
---
 recv.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/recv.c b/recv.c
index 7a5549aa..f28809da 100644
--- a/recv.c
+++ b/recv.c
@@ -63,7 +63,7 @@ int main(int argc, char *argv[])
 	int ret, r_opened = 0, receiver_num;
 	struct receiver *r = NULL;
 	struct receiver_node rn;
-	struct stdout_task sot;
+	struct stdout_task sot = {.btrn = NULL};
 	static struct sched s;
 
 	recv_cmdline_parser(argc, argv, &conf);
@@ -89,7 +89,6 @@ int main(int argc, char *argv[])
 		goto out;
 	r_opened = 1;
 
-	memset(&sot, 0, sizeof(struct stdout_task));
 	sot.btrn = btr_new_node(&(struct btr_node_description)
 		EMBRACE(.parent = rn.btrn, .name = "stdout"));
 	stdout_set_defaults(&sot);
-- 
2.39.5