[File] Uninitialized variable fix
Steve Grubb
sgrubb at redhat.com
Tue Feb 24 02:31:55 UTC 2026
Hello Christos,

In src/softmagic.c, we have the msetoffset function. bb can be uninitialized
under the right conditions. At the test, if (b->fd == -1), if that is true it
updates some offsets and does not call buffer_init. It skips both else
statements. It continues execution at "if ((ms->flags & MAGIC_DEBUG) != 0)"
where it might use them uninitialized if MAGIC_DEBUG was passed. But later,
after the function returns, it will call mget passing bb.fbuf and bb.flen,
which are uninitialized. They will be whatever the stack contents are.

The minimal fix is to unconditionally initialize bb at the beginning of the
function. I'm setting it to the value initialized in the normal branch. I
think those are what gets passed to mget(). Because it was already set at
the beginning of the function, down below I deleted that one.

You know the code better than I do. You may choose a different solution.

Anyways, just wanted to pass this along. I found this with scan-build, which
is part of clang-analyzer.

Best Regards,
-Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: uninit.patch
Type: text/x-patch
Size: 733 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20260223/e94428f5/attachment.bin>
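The pattern Steve describes, reduced to a stand-alone C shape as an added example. This is not file's code: struct buf, struct entry, set_offset_buggy, set_offset_fixed, buffer_is_defined and run_path are hypothetical stand-ins for bb, the "b" argument, msetoffset and mget, and the sample input is constructed. The "before" setter leaves the buffer untouched on the fd == -1 path exactly as the report describes; the "after" setter applies the proposed minimal fix of initializing it unconditionally at function entry. Because reading a genuinely uninitialized local is undefined behaviour, the harness fills the struct with a 0xAA pattern first so that the stale-stack case is observable and deterministic.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the bb buffer: pointer to data plus its length. */
struct buf {
    const unsigned char *fbuf;
    size_t flen;
};

/* Stand-in for the "b" argument; fd == -1 is the path that skips
 * buffer initialization in the report. */
struct entry {
    int fd;
    const unsigned char *data;
    size_t len;
    size_t offset;
};

/* Before: the buffer is only populated in the else branch, so when
 * e->fd == -1 the function returns with *bb never written and the caller
 * (the mget() stand-in) consumes whatever the stack held. */
static void set_offset_buggy(struct entry *e, struct buf *bb)
{
    if (e->fd == -1) {
        e->offset += 1;          /* adjust offsets, never touch *bb */
    } else {
        bb->fbuf = e->data;
        bb->flen = e->len;
    }
}

/* After: initialize the buffer unconditionally at entry to the values the
 * normal branch would have set, so every exit path leaves it defined. */
static void set_offset_fixed(struct entry *e, struct buf *bb)
{
    bb->fbuf = e->data;
    bb->flen = e->len;
    if (e->fd == -1) {
        e->offset += 1;
    }
}

/* Consumer check standing in for the caller that passes bb to mget():
 * 1 if the buffer points at the expected data with the expected length. */
static int buffer_is_defined(const struct buf *bb, const struct entry *e)
{
    return bb->fbuf == e->data && bb->flen == e->len;
}

/* Drive one path: fd selects the branch, use_fix selects the setter.
 * Returns 1 if the consumer sees a properly initialized buffer, else 0. */
int run_path(int fd, int use_fix)
{
    unsigned char sample[] = "constructed sample input";   /* constructed */
    struct entry e = { fd, sample, sizeof sample - 1, 0 };
    struct buf bb;

    /* Simulate stale stack contents; a real uninitialized local would be
     * undefined behaviour to read, so the poison makes the case visible. */
    memset(&bb, 0xAA, sizeof bb);

    if (use_fix)
        set_offset_fixed(&e, &bb);
    else
        set_offset_buggy(&e, &bb);

    return buffer_is_defined(&bb, &e);
}
```

With the buggy setter, run_path(-1, 0) reports an undefined buffer while every other combination reports a defined one; that is the fd == -1 plus no-initialization corner the report names. The same class of defect is what scan-build (the clang static analyzer) flags as an uninitialized-value use on the path where the conditional skips the assignment; at run time, building with clang's -fsanitize=memory reports the first read of the uninitialized fields instead of silently passing stack contents along.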