Originally submitted via Red Hat bugzilla by Philippe Troin: https://bugzilla.redhat.com/show_bug.cgi?id=451727 Description: While trying to track down some crashes in kino, I found the following problems with libraw1394: * There is a DIR* leak in raw1394_set_port(). * Lots of data structures are not fully initialized when calling IEEE1394 ioctl()s. These cause valgrind errors (benign, as valgrind does not know how to interpret all ioctls. However these also cause kino to crash in libraw1394. I've added a bunch of memset()s to prevent this problem from happening. Author: Philippe Troin Forward-ported to libraw1394 git tree by Jarod Wilson. Signed-off-by: Jarod Wilson -- src/fw-iso.c | 2 ++ src/fw.c | 15 ++++++++++++++- tools/testlibraw.c | 1 + 3 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/src/fw-iso.c b/src/fw-iso.c
index 471d981..a1794c3 100644
--- a/src/fw-iso.c
+++ b/src/fw-iso.c
@@ -401,6 +401,7 @@ iso_init(fw_handle_t handle, int type,
 }
 handle->iso.closure.func = handle_iso_event;
+ memset(&ep, 0, sizeof(ep));
 ep.events = EPOLLIN;
 ep.data.ptr = &handle->iso.closure;
 if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD,
@@ -411,6 +412,7 @@ iso_init(fw_handle_t handle, int type,
 return -1;
 }
+ memset(&create, 0, sizeof(create));
 create.type = type;
 create.channel = channel;
 create.speed = speed;
diff --git a/src/fw.c b/src/fw.c
index 1322fe2..3c61385 100644
--- a/src/fw.c
+++ b/src/fw.c
@@ -149,6 +149,8 @@ scan_devices(fw_handle_t handle)
 fd = open(filename, O_RDWR);
 if (fd < 0) continue;
+ memset(&get_info, 0, sizeof(get_info));
+ memset(&reset, 0, sizeof(reset));
 get_info.version = FW_CDEV_VERSION;
 get_info.rom = 0;
 get_info.rom_length = 0;
@@ -404,7 +406,10 @@ fw_handle_t fw_new_handle(void)
 struct epoll_event ep;
 int i;
+ memset(&ep, 0, sizeof(ep));
+ handle = malloc(sizeof *handle);
+ memset(handle, 0, sizeof(*handle));
 handle->tag_handler = default_tag_handler;
 handle->arm_tag_handler = default_arm_tag_handler;
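Review bot: After the new `memset(&get_info, 0, sizeof(get_info))` in scan_devices, the existing `get_info.rom = 0;` and `get_info.rom_length = 0;` lines are redundant, and the same pattern appears in the matching fw_set_port hunk. The memset plus the three assignments can be collapsed into one compound-literal assignment, `get_info = (struct fw_cdev_get_info){ .version = FW_CDEV_VERSION };`, which zeroes every other field and padding byte before the ioctl just as the memset does; that would need C99 designated initializers, so only apply it if the file already builds as C99. The `reset` memset is worth keeping as is, since its fields are set outside this hunk.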
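Review bot: The added `memset(handle, 0, sizeof(*handle))` in fw_new_handle dereferences the result of `malloc(sizeof *handle)` without checking it, so an allocation failure now becomes a write through NULL rather than an error return. The two lines would be better as `handle = calloc(1, sizeof *handle); if (handle == NULL) return NULL;`, which zeroes and checks in one step and drops the separate memset. fw_new_handle continues past this hunk, so whether its later failure paths return NULL, and whether they need the handle freed, is not visible here; the new check should follow whatever convention they use.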
@@ -580,6 +585,8 @@ int fw_set_port(fw_handle_t handle, int port)
 if (fd < 0) continue;
+ memset(&get_info, 0, sizeof(get_info));
+ memset(&reset, 0, sizeof(reset));
 get_info.version = FW_CDEV_VERSION;
 get_info.rom = 0;
 get_info.rom_length = 0;
@@ -603,10 +610,12 @@ int fw_set_port(fw_handle_t handle, int port)
 sizeof handle->devices[i].filename);
 handle->devices[i].closure.func = handle_device_event;
+ memset(&ep, 0, sizeof(ep));
 ep.events = EPOLLIN;
 ep.data.ptr = &handle->devices[i].closure;
 if (epoll_ctl(handle->epoll_fd, EPOLL_CTL_ADD, fd, &ep) < 0) {
 close(fd);
+ closedir(dir);
 return -1;
 }
@@ -621,6 +630,8 @@ int fw_set_port(fw_handle_t handle, int port)
 i++;
 }
+ closedir(dir);
+ return 0;
 }
@@ -1220,6 +1231,7 @@ fw_start_fcp_listen(fw_handle_t handle)
 closure->callback = handle_fcp_request;
+ memset(&request, 0, sizeof(request));
 request.offset = CSR_REGISTER_BASE + CSR_FCP_COMMAND;
 request.length = CSR_FCP_END - CSR_FCP_COMMAND;
 request.closure = ptr_to_u64(closure);
@@ -1256,6 +1268,7 @@ fw_get_config_rom(fw_handle_t handle, quadlet_t *buffer,
 struct fw_cdev_get_info get_info;
 int err;
+ memset(&get_info, 0, sizeof(get_info));
 get_info.version = FW_CDEV_VERSION;
 get_info.rom = ptr_to_u64(buffer);
 get_info.rom_length = buffersize;
@@ -1284,7 +1297,7 @@ fw_bandwidth_modify (raw1394handle_t handle,
 if (bandwidth == 0) return 0;
- + addr = CSR_REGISTER_BASE + CSR_BANDWIDTH_AVAILABLE;
 /* Read current bandwidth usage from IRM. */
 result = raw1394_read (handle, raw1394_get_irm_id (handle), addr,
diff --git a/tools/testlibraw.c b/tools/testlibraw.c
index 2f02a6d..efd87ad 100644
--- a/tools/testlibraw.c
+++ b/tools/testlibraw.c
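Review bot: The `closedir(dir)` added before `return -1` in fw_set_port closes the directory handle only on the epoll_ctl failure path; the rest of the loop body, between this hunk and the previous one, is not visible, so any other early `return` in it (for example after a failed ioctl on the freshly opened fd) needs the same treatment or the DIR leak the commit sets out to fix remains on those paths. A single cleanup label at the end of the function, `out_closedir: closedir(dir); return -1;`, reached by `goto` from every failure point would make that hard to get wrong again. Note also that on this path the device fds already stored in `handle->devices[0..i-1]` and registered with the epoll fd stay open and registered; whether that is acceptable depends on whether callers may reuse the handle after a failed raw1394_set_port, which is not visible here.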
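Review bot: In fw_get_config_rom the declaration of `get_info` sits in the same hunk as the new memset, so the zeroing belongs in the declaration rather than as a separate statement: `struct fw_cdev_get_info get_info = { 0 };` gives the same all-zero contents (including padding, which is what matters for a struct handed to an ioctl) and cannot be separated from the declaration by a later edit. The same applies to `create` in the iso_init hunk of fw-iso.c if its declaration is nearby, though that declaration is outside the hunk shown.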
@@ -202,6 +202,7 @@ int main(int argc, char **argv)
 read_topology_map(handle);
 printf("testing config rom stuff\n");
+ memset(rom, 0, sizeof(rom));
 retval=raw1394_get_config_rom(handle, rom, 0x100, &rom_size, &rom_version);
 printf("get_config_rom returned %d, romsize %d, rom_version %d\n",retval,rom_size,rom_version);
 printf("here are the first 10 quadlets:\n");
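Review bot: `memset(rom, 0, sizeof(rom))` only clears the whole buffer if `rom` is declared as an array in main(); its declaration is outside this hunk, and if `rom` is a pointer this zeroes just the pointer-sized first bytes while the call on the next line still hands the kernel a `0x100` buffer. Tying the length to the size actually passed, `memset(rom, 0, 0x100 * sizeof(rom[0]));`, or introducing a shared `ROM_QUADLETS` constant for both the memset and the `raw1394_get_config_rom` argument, keeps the two from drifting apart. main() begins before this hunk, so the declaration should be checked there.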