Bug 196194 - hexdump(1): Read/branch on uninitialized stat structure leftover from 4.4BSD-lite
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Jilles Tjoelker
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-22 15:12 UTC by Andrew Reiter
Modified: 2015-05-10 21:28 UTC

See Also:
jilles: mfc-stable10+
jilles: mfc-stable9-
jilles: mfc-stable8-


Description Andrew Reiter 2014-12-22 15:12:26 UTC
In the usr.bin/hexdump source directory, there is code for hexdump tool, od tool (I think that's it). In quickly looking at code that seems to only be used in od, I found this oddball that seems to have gotten through compilers since 4.4BSD lite import:

void
doskip(const char *fname, int statok)
{
        int cnt;
        struct stat sb;

        if (statok) {
                if (fstat(fileno(stdin), &sb))
                        err(1, "%s", fname);
                if (S_ISREG(sb.st_mode) && skip >= sb.st_size) {
                        address += sb.st_size;
                        skip -= sb.st_size;
                        return;
                }
        }
        if (S_ISREG(sb.st_mode)) {
                if (fseeko(stdin, skip, SEEK_SET))
                        err(1, "%s", fname);
                address += skip;
                skip = 0;
        } else {
                for (cnt = 0; cnt < skip; ++cnt)
                        if (getchar() == EOF)
                                break;
                address += cnt;
                skip -= cnt;
        }
}


The code is reading and branching on an uninitialized 'struct stat sb' structure.

I looked briefly to see what the appropriate fix was, but sadly, I have been busy with some other work and was unable to come up with a suitable patch :-( I apologize for this! If no one will work on it, I will do something slowly over the holidays.
Comment 1 Andrew Reiter 2014-12-22 15:46:45 UTC
I should have mentioned this is in usr.bin/hexdump/display.c. Sorry for confusion.
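The following is an added example, not the hexdump source and not the committed r282041 change: a self-contained variant of doskip() in which the S_ISREG() test is reached only when statok is set, so sb is never read unless fstat() has filled it. The globals skip_bytes and address stand in for hexdump's skip and address, the function returns -1 instead of calling err(), and the helpers run_on_regular() and run_on_pipe() (assumed names) are test scaffolding that exercise the regular-file path with statok=1 and the pipe path with statok=0 and statok=1.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not the hexdump source: a doskip() variant whose
 * S_ISREG() check is only evaluated after fstat() actually filled 'sb'.
 * 'skip_bytes' and 'address' stand in for hexdump's globals. */
static off_t skip_bytes;
static off_t address;

static int
doskip_fixed(FILE *fp, int statok)
{
	struct stat sb;
	off_t cnt;
	int isreg = 0;	/* stays 0 unless fstat() succeeded and said so */

	if (statok) {
		if (fstat(fileno(fp), &sb) != 0)
			return -1;
		isreg = S_ISREG(sb.st_mode);
		if (isreg && skip_bytes >= sb.st_size) {
			/* whole file skipped: account for it without reading */
			address += sb.st_size;
			skip_bytes -= sb.st_size;
			return 0;
		}
	}
	if (isreg) {
		/* seekable regular file: jump straight to the offset */
		if (fseeko(fp, skip_bytes, SEEK_SET) != 0)
			return -1;
		address += skip_bytes;
		skip_bytes = 0;
	} else {
		/* pipe, tty, or statok == 0: consume byte by byte */
		for (cnt = 0; cnt < skip_bytes; ++cnt)
			if (getc(fp) == EOF)
				break;
		address += cnt;
		skip_bytes -= cnt;
	}
	return 0;
}

/* Test scaffolding (assumed names). Each returns the resulting 'address'
 * and leaves the unconsumed skip count in 'skip_bytes'; -1 on error. */

/* Regular temp file of 'len' bytes, statok = 1 as hexdump uses for files. */
static off_t
run_on_regular(size_t len, off_t want)
{
	FILE *fp = tmpfile();
	char *buf;

	if (fp == NULL || (buf = malloc(len)) == NULL)
		return -1;
	memset(buf, 'A', len);
	if (fwrite(buf, 1, len, fp) != len)
		return -1;
	free(buf);
	rewind(fp);
	skip_bytes = want;
	address = 0;
	if (doskip_fixed(fp, 1) != 0)
		return -1;
	/* after a partial skip the stream must sit exactly at 'want' */
	if (want < (off_t)len && ftello(fp) != want)
		return -1;
	fclose(fp);
	return address;
}

/* Pipe holding 'len' constructed bytes (len <= 64, so write() cannot block). */
static off_t
run_on_pipe(size_t len, off_t want, int statok)
{
	int fds[2];
	char buf[64];
	FILE *fp;

	if (len > sizeof(buf) || pipe(fds) != 0)
		return -1;
	memset(buf, 'B', len);
	if (write(fds[1], buf, len) != (ssize_t)len)
		return -1;
	close(fds[1]);
	if ((fp = fdopen(fds[0], "r")) == NULL)
		return -1;
	skip_bytes = want;
	address = 0;
	if (doskip_fixed(fp, statok) != 0)
		return -1;
	fclose(fp);
	return address;
}

int
main(void)
{
	printf("regular file, skip 40 of 100: address=%lld\n", (long long)run_on_regular(100, 40));
	printf("pipe, skip 25 of 10: address=%lld leftover=%lld\n",
	    (long long)run_on_pipe(10, 25, 1), (long long)skip_bytes);
	return 0;
}
```

With statok=0 the fixed function never touches sb, which is the case the original code got wrong: hexdump passes statok=0 when it could not stat the input, and the original then evaluated S_ISREG() on whatever happened to be on the stack.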
Comment 2 Jilles Tjoelker freebsd_committer freebsd_triage 2015-04-27 12:28:04 UTC
Fixed in head r282041.
Comment 3 commit-hook freebsd_committer freebsd_triage 2015-05-10 21:26:24 UTC
A commit references this bug:

Author: jilles
Date: Sun May 10 21:26:08 UTC 2015
New revision: 282738
URL: https://svnweb.freebsd.org/changeset/base/282738

Log:
  MFC r282041: hexdump: Don't use uninitialized struct stat.

  PR:		196194

Changes:
_U  stable/10/
  stable/10/usr.bin/hexdump/display.c