upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 08:40:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove canary code from hash destroy function (#38602)

Browse source 
This triggers a Valgrind out-of-bounds read report. It was introduced by
commit 5d7849ad7f.

No CHANGES entry necessary as it doesn't have any user-visible or
behavioral change. It removes an out-of-bounds read issue that went
undetected when allocated through isc_mem as the memory was present.
The memory read was compared to itself, so it has no behavioral change.

(cherry picked from commit ffc393dd18)
This commit is contained in:
Mukund Sivaraman 2015-02-12 18:14:34 +05:30
parent b90130d4e7
commit fe865bb8ff
1 changed files with 0 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/isc/hash.c
View file

@ -302,7 +302,6 @@ static void
destroy(isc_hash_t **hctxp) {
isc_hash_t *hctx;
isc_mem_t *mctx;
unsigned char canary0[4], canary1[4];
REQUIRE(hctxp != NULL && *hctxp != NULL);
hctx = *hctxp;
@ -324,10 +323,7 @@ destroy(isc_hash_t **hctxp) {
DESTROYLOCK(&hctx->lock);
memmove(canary0, hctx + 1, sizeof(canary0));
memset(hctx, 0, sizeof(isc_hash_t));
memmove(canary1, hctx + 1, sizeof(canary1));
INSIST(memcmp(canary0, canary1, sizeof(canary0)) == 0);
isc_mem_put(mctx, hctx, sizeof(isc_hash_t));
isc_mem_detach(&mctx);
}