From 0de1604c2ba7165fa8d5f42e28eb00ee64850be3 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Wed, 2 Aug 2017 14:55:42 +0900
Subject: [PATCH] bsod: fix some stack-use-after-scope issues

gcc71 -fsanitize=address detected the following stack-use-after-scope
issues on bsod:

$ ./hacks/bsod -only hppalinux
=================================================================
==4451==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffdaf2a10a0 at pc 0x7ffae84a0902 bp 0x7ffdaf2a0750 sp 0x7ffdaf29fef8
READ of size 138 at 0x7ffdaf2a10a0 thread T0
    #0 0x7ffae84a0901 in __interceptor___strdup (/lib64/libasan.so.4+0x77901)
    #1 0x462f67 in hppa_linux ../../hacks/bsod.c:3094
    #2 0x467ed8 in bsod_draw ../../hacks/bsod.c:4650
    #3 0x40643e in run_screenhack_table ../../hacks/screenhack.c:573
    #4 0x40643e in main ../../hacks/screenhack.c:965
    #5 0x7ffae50654d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
    #6 0x408049 in _start (/home/mtasaka/rpmbuild/fedora-specific/TMP/xscreensaver/master/xscreensaver-5.37/x86_64-unknown-linux-gnu/hacks/bsod+0x408049)

Address 0x7ffdaf2a10a0 is located in stack of thread T0 at offset 2240 in frame
    #0 0x46268f in hppa_linux ../../hacks/bsod.c:2911

  This frame has 3 object(s):
    [32, 422) 'uts'
    [480, 2208) 'linux_panic'
    [2240, 3264) 'ss' <== Memory access at offset 2240 is inside this variable

Note that the access to uts.nodename is also an invalid stack-use-after-scope.

$ ./hacks/bsod -only vms
=================================================================
==4582==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffdc218e8c1 at pc 0x7f97109d036e bp 0x7ffdc218e680 sp 0x7ffdc218de28
READ of size 10 at 0x7ffdc218e8c1 thread T0
    #0 0x7f97109d036d  (/lib64/libasan.so.4+0x5136d)
    #1 0x460077 in vms ../../hacks/bsod.c:3199
    #2 0x467ed8 in bsod_draw ../../hacks/bsod.c:4650
    #3 0x40643e in run_screenhack_table ../../hacks/screenhack.c:573
    #4 0x40643e in main ../../hacks/screenhack.c:965
    #5 0x7f970d5bb4d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
    #6 0x408049 in _start (/home/mtasaka/rpmbuild/fedora-specific/TMP/xscreensaver/master/xscreensaver-5.37/x86_64-unknown-linux-gnu/hacks/bsod+0x408049)

Address 0x7ffdc218e8c1 is located in stack of thread T0 at offset 417 in frame
    #0 0x45fb5f in vms ../../hacks/bsod.c:3109

  This frame has 4 object(s):
    [32, 40) 't'
    [96, 160) 'args'
    [192, 296) 'lines'
    [352, 742) 'uts' <== Memory access at offset 417 is inside this variable

This patch fixes the variables' scopes in question.
---
 hacks/bsod.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hacks/bsod.c b/hacks/bsod.c
index 534f30e..fcb326d 100644
--- a/hacks/bsod.c
+++ b/hacks/bsod.c
@@ -2915,6 +2915,10 @@ hppa_linux (Display *dpy, Window window)
   int i = 0;
   const char *release, *sysname, *gccversion, *version;
   long int linedelay = 0;
+  char ss[1024];
+# ifdef HAVE_UNAME
+  struct utsname uts;
+# endif /* UNAME */
 
   __extension__
   struct { long int delay; const char *string; } linux_panic[] =
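Review bot: The literal `1024` in `snprintf (ss, 1024, linux_panic[1].string,` (third hunk) is now well over a hundred lines away from the `char ss[1024];` declaration added here, so the bound and the buffer can drift apart if either is edited; `snprintf (ss, sizeof ss, linux_panic[1].string,` keeps them tied together. The hoisted declarations also lack a comment explaining why they sit at function scope, for example `/* function scope: linux_panic[1].string points at ss (and, per the ASan report, uts is read later) until the function returns */`, so a later cleanup does not narrow them again and reintroduce the stack-use-after-scope. The same comment applies to `struct utsname uts;` in the vms() hunk, where `sysname = uts.nodename` outlives the inner block. hppa_linux's body continues outside this hunk, so the later uses are inferred from the other hunks and the sanitizer trace.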
@@ -3055,7 +3059,6 @@ hppa_linux (Display *dpy, Window window)
   version = "#2 Mon Dec 8 06:09:27 GMT 2003";
 # ifdef HAVE_UNAME
   {
-    struct utsname uts;
     char *s;
     if (uname (&uts) >= 0)
       {
@@ -3079,7 +3082,6 @@ hppa_linux (Display *dpy, Window window)
 
   /* Insert current host name into banner on line 2 */
   {
-    char ss[1024];
     snprintf (ss, 1024, linux_panic[1].string, 
 	      release, sysname, gccversion, version);
     linux_panic[1].string = ss;
@@ -3116,6 +3118,9 @@ vms (Display *dpy, Window window)
   char *s, *s1;
   int i;
   int arg_count;
+# ifdef HAVE_UNAME
+  struct utsname uts;
+# endif /* UNAME */
 
   __extension__
 
@@ -3188,7 +3193,6 @@ vms (Display *dpy, Window window)
   sysname = "VMS001";
 # ifdef HAVE_UNAME
   {
-    struct utsname uts;
     if (uname (&uts) >= 0)
       sysname = uts.nodename;
     s = strchr (sysname, '.');
-- 
2.13.3