From 02fdd9b000a873262c6abe226ac8c2dc8b616693 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Thu, 3 Mar 2011 15:51:41 +0100
Subject: [PATCH] score: Fix use of uninitialized memory on 64 bit machines.
The score of an audio file in the score table is defined as a quantity which is sizeof(long) bytes large, i.e. 4 bytes on 32bit systems and 8 bytes on 64 bit systems. This is not a problem per se because the score column lives only in memory, so we do not have to worry about incompatibilities of the on-disk layout. However, at several places in score.c we cast the pointer to the osl object to (int *) rather than (long *). When writing to the object on a 64 bit machine, this will only set 4 out of the 8 allocated bytes, the other four bytes stay uninitialized. The "ls" command uses the correct cast to (long *) and reads the full 8 bytes. This causes valgrind to complain:
==5433== Conditional jump or move depends on uninitialised value(s)
==5433== at 0x4164F4: prepare_ls_row (aft.c:1334)
==5433== by 0x4E2F421: osl_rbtree_loop (osl.c:1457)
==5433== by 0x418935: admissible_file_loop (score.c:255)
==5433== by 0x41601A: com_ls_callback (aft.c:1363)
==5433== by 0x411FDE: command_post_select (afs.c:842)
==5433== by 0x41B67A: schedule (sched.c:76)
==5433== by 0x411ACF: afs_init (afs.c:986)
==5433== by 0x408863: main (server.c:451)
==5433==
==5433== Conditional jump or move depends on uninitialised value(s)
==5433== at 0x41650A: prepare_ls_row (aft.c:1334)
==5433== by 0x4E2F421: osl_rbtree_loop (osl.c:1457)
==5433== by 0x418935: admissible_file_loop (score.c:255)
==5433== by 0x41601A: com_ls_callback (aft.c:1363)
==5433== by 0x411FDE: command_post_select (afs.c:842)
==5433== by 0x41B67A: schedule (sched.c:76)
==5433== by 0x411ACF: afs_init (afs.c:986)
==5433== by 0x408863: main (server.c:451)
Fix this bug by always casting to (long *).
---
score.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/score.c b/score.c
index 27fec711..f5fe4a83 100644
--- a/score.c
+++ b/score.c
@@ -38,8 +38,8 @@ static int ptr_compare(const struct osl_object *obj1, const struct osl_object *o
 */
 static int score_compare(const struct osl_object *obj1, const struct osl_object *obj2) {
- int d1 = *(int*)obj1->data;
- int d2 = *(int*)obj2->data;
+ long d1 = *(long *)obj1->data;
+ long d2 = *(long *)obj2->data;
 int ret = NUM_COMPARE(d2, d1);
 if (ret)
@@ -141,7 +141,7 @@ int score_add(const struct osl_row *aft_row, long score)
 size = score_table_desc.column_descriptions[SCORECOL_SCORE].data_size;
 score_objs[SCORECOL_SCORE].data = para_malloc(size);
 score_objs[SCORECOL_SCORE].size = size;
- *(int *)(score_objs[SCORECOL_SCORE].data) = score;
+ *(long *)(score_objs[SCORECOL_SCORE].data) = score;
 // PARA_DEBUG_LOG("adding %p\n", *(void **) (score_objs[SCORECOL_AFT_ROW].data));
 ret = osl(osl_add_row(score_table, score_objs));
--
2.39.5
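Review bot: In the score_add hunk the new write `*(long *)(score_objs[SCORECOL_SCORE].data) = score;` is only correct if the column width read two lines earlier from `score_table_desc.column_descriptions[SCORECOL_SCORE].data_size` really equals sizeof(long); the cast type and the column's data_size are tied only by convention, and a mismatch in the other direction would write past the para_malloc'd object rather than leave bytes uninitialized. Making that coupling checked instead of assumed, e.g. `assert(size == sizeof(long)); /* column width must match the cast below */` right after the data_size is read, would catch a future change to the column description at the point of the write; the two casts in score_compare rely on the same convention and could carry a one-line comment saying so. Reading and writing the value with `memcpy(&d1, obj1->data, sizeof d1)` would also avoid assuming that `obj->data` is suitably aligned for a long, though for an in-memory, malloc-backed column that is presumably not an issue. score_add begins before the hunk and score_compare's body continues after it.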