[Webkit-unassigned] [Bug 146729] Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) in IPC::Connection::sendOutgoingMessage

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 22 08:04:50 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=146729

--- Comment #11 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Milan Crha from comment #10)
> Maybe some structure padding involved here?

Good job Milan, you got it right! I spent several hours trying to figure out what was wrong here... it was indeed uninitialized struct padding. Normally that's fine because struct padding should never be accessed in normal code, but because we're copying the entire MessageInfo into write(), we write() the whole thing.

I think there's no correctness problem here, because the uninitialized bytes should only be used for struct padding when read() into the receiving process. But we should pack this class anyway to avoid complaints from valgrind.

P.S. packing this struct will result in worse code generation on platforms that disallow unaligned access, but it's surely the right thing to do.

P.P.S. There is another solution: heap allocate the MessageInfo instead of stack allocating it. I'm not sure *why* that fixes the warning, but it does. I opted for packing the struct because I didn't understand why.

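Editor's note: the following is an added example, not code from the comment above or from WebKit. It shows the mechanism the comment describes with a hypothetical MessageInfo layout (the real IPC::Connection class is not reproduced here): the compiler inserts alignment padding between and after members, a whole-struct write() copies those never-assigned bytes to the pipe, and packing the struct removes them. It assumes GCC/Clang (`__attribute__((packed))`), POSIX pipe()/write()/read(), and a typical ABI where uint32_t is 4-byte aligned, so the unpacked struct is 12 bytes with 6 bytes of padding.

```c
/* Added example (not WebKit code): why valgrind flags a whole-struct write(),
 * and what packing changes. MessageInfo is a hypothetical stand-in layout. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Natural layout: the compiler pads bodySize up to a 4-byte boundary and pads
 * the tail so the struct size is a multiple of its alignment. */
struct MessageInfo {
    uint8_t  attachmentCount;  /* offset 0                        */
    uint32_t bodySize;         /* offset 4: 3 padding bytes before */
    uint8_t  bodyIsOutOfLine;  /* offset 8: 3 padding bytes after  */
};

/* Same members, packed: sizeof equals the sum of the members, so
 * write(fd, &info, sizeof info) sends only bytes the code assigned. */
struct PackedMessageInfo {
    uint8_t  attachmentCount;
    uint32_t bodySize;
    uint8_t  bodyIsOutOfLine;
} __attribute__((packed));

#define PAYLOAD_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint8_t))

/* One flag per byte of struct MessageInfo: 1 = belongs to a member, 0 = padding. */
static unsigned char g_member_map[sizeof(struct MessageInfo)];

/* Mark every byte offset covered by a member via offsetof/sizeof; whatever stays
 * unmarked is padding, i.e. the bytes valgrind reports as uninitialised when the
 * whole object is handed to write()/sendmsg(). Returns the padding byte count. */
size_t locate_padding(void)
{
    memset(g_member_map, 0, sizeof g_member_map);
#define MARK(field) memset(g_member_map + offsetof(struct MessageInfo, field), 1, \
                           sizeof(((struct MessageInfo *)0)->field))
    MARK(attachmentCount);
    MARK(bodySize);
    MARK(bodyIsOutOfLine);
#undef MARK
    size_t pad = 0;
    for (size_t i = 0; i < sizeof g_member_map; i++)
        if (!g_member_map[i]) pad++;
    return pad;
}

int byte_is_member(size_t offset) { return g_member_map[offset]; }

size_t padding_bytes_unpacked(void) { return sizeof(struct MessageInfo) - PAYLOAD_BYTES; }
size_t padding_bytes_packed(void)   { return sizeof(struct PackedMessageInfo) - PAYLOAD_BYTES; }

/* Push a stack-allocated, unpacked MessageInfo through a pipe as one write(),
 * read it back, and check the member values survive. The indeterminate padding
 * bytes travel too, but nothing on the receiving side reads them: this is the
 * "no correctness problem" observation in the comment. Returns 1 on success. */
int roundtrip_over_pipe(void)
{
    int fds[2];
    if (pipe(fds) != 0) return 0;

    struct MessageInfo out;          /* deliberately not zeroed: padding is left as-is */
    out.attachmentCount = 2;
    out.bodySize = 0xCAFE;
    out.bodyIsOutOfLine = 1;

    struct MessageInfo in;
    memset(&in, 0, sizeof in);

    ssize_t w = write(fds[1], &out, sizeof out);
    ssize_t r = read(fds[0], &in, sizeof in);
    close(fds[0]);
    close(fds[1]);

    return w == (ssize_t)sizeof out && r == (ssize_t)sizeof in &&
           in.attachmentCount == 2 && in.bodySize == 0xCAFE && in.bodyIsOutOfLine == 1;
}

int main(void)
{
    printf("sizeof(MessageInfo)=%zu payload=%zu padding=%zu\n",
           sizeof(struct MessageInfo), (size_t)PAYLOAD_BYTES, locate_padding());
    printf("sizeof(PackedMessageInfo)=%zu padding=%zu\n",
           sizeof(struct PackedMessageInfo), padding_bytes_packed());
    printf("pipe roundtrip ok: %d\n", roundtrip_over_pipe());
    return 0;
}
```

Running the unpacked variant under valgrind is what produces the "points to uninitialised byte(s)" report; the packed variant has no padding offsets for it to complain about. The comment's caveat applies: on targets that fault on unaligned access, the packed bodySize is loaded byte by byte or with fix-up code, which is the code-generation cost mentioned above.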
