From fe865bb8ffb6b9e270e2bcaa70b93a61a6f8e960 Mon Sep 17 00:00:00 2001 From: Mukund Sivaraman Date: Thu, 12 Feb 2015 18:14:34 +0530 Subject: [PATCH] Remove canary code from hash destroy function (#38602) This triggers a Valgrind out-of-bounds read report. It was introduced by commit 5d7849ad7ffc6d08870dbfbc8d6bfffd90007488. No CHANGES entry necessary as it doesn't have any user-visible or behavioral change. It removes an out-of-bounds read issue that went undetected when allocated through isc_mem as the memory was present. The memory read was compared to itself, so it has no behavioral change. (cherry picked from commit ffc393dd180f9e3b300a160f1e26cbc1c2239f54) --- lib/isc/hash.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/isc/hash.c b/lib/isc/hash.c index e12c47183f..b69ca3f665 100644 --- a/lib/isc/hash.c +++ b/lib/isc/hash.c @@ -302,7 +302,6 @@ static void destroy(isc_hash_t **hctxp) { isc_hash_t *hctx; isc_mem_t *mctx; - unsigned char canary0[4], canary1[4]; REQUIRE(hctxp != NULL && *hctxp != NULL); hctx = *hctxp; @@ -324,10 +323,7 @@ destroy(isc_hash_t **hctxp) { DESTROYLOCK(&hctx->lock); - memmove(canary0, hctx + 1, sizeof(canary0)); memset(hctx, 0, sizeof(isc_hash_t)); - memmove(canary1, hctx + 1, sizeof(canary1)); - INSIST(memcmp(canary0, canary1, sizeof(canary0)) == 0); isc_mem_put(mctx, hctx, sizeof(isc_hash_t)); isc_mem_detach(&mctx); }