Opened 11 years ago

Closed 10 years ago

#10221 closed bug (fixed)

Fixed arbitrary memory reading

Reported by: Ezodev Owned by: nobody
Priority: normal Milestone: R1
Component: - General Version: R1/Development
Keywords: gci2013 Cc:
Blocked By: Blocking:
Platform: All

Description

Found this in Coverity, CID:1108404

But, I'm 99% sure it is just false positive. I created tihs ticket because it may be serious bug.

Method BuildReportList reads what contains table of pointers of second parameter. But, this was uninitialized.

I saw this is 99% false positive because if it's kernel mode this willn't crash machine. But I saw preprocessor constant with word USERLAND and I'm not sure if it's kernel mode. If it's, setting this array to nulls is probably only wasting cpu cycles.

Attachments (1)

0001-Initializing-pointers-to-prevent-arbitrary-memory-re.patch (1002 bytes ) - added by Ezodev 11 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 by Ezodev, 11 years ago

patch: 01

comment:2 by Ezodev, 11 years ago

Okay, I changed it. I've never heard of this function before.

Version 0, edited 11 years ago by Ezodev (next)

comment:3 by pulkomandy, 10 years ago

Resolution: fixed
Status: newclosed

Fixed in a slightly simpler way in hrev48546.

Note: See TracTickets for help on using tickets.