From: Jean Delvare <jdelvare@suse.de>
To: Linux I2C <linux-i2c@vger.kernel.org>
Cc: Wolfram Sang <wsa+renesas@sang-engineering.com>
Subject: [PATCH 3/3] i2ctransfer: Zero out memory passed to ioctl()
Date: Tue, 13 May 2025 17:35:39 +0200
Message-ID: <20250513173539.39952965@endymion>
In-Reply-To: <20250513172119.09548573@endymion>
Valgrind complains that uninitialized memory may be passed to
ioctl():
== Syscall param ioctl(I2C_RDWR) points to uninitialised byte(s)
== at 0x499382B: ioctl (in /lib64/libc.so.6)
== by 0x401957: main (i2ctransfer.c:343)
== Address 0x1ffefff94c is on thread 1's stack
== in frame #1, created by main (i2ctransfer.c:144)
==
== Syscall param ioctl(I2C_RDWR).msgs points to uninitialised byte(s)
== at 0x499382B: ioctl (in /lib64/libc.so.6)
== by 0x401957: main (i2ctransfer.c:343)
== Address 0x1ffefff956 is on thread 1's stack
== in frame #1, created by main (i2ctransfer.c:144)
Zero out the i2c_rdwr_ioctl_data struct as well as the msgs array to
guarantee that no uninitialized memory will ever be passed to the
kernel.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
---
This one is not strictly needed, I can't see any actual bug. However
making valgrind happy seems to be a sane goal, so that we can keep
using it when debugging other issues without getting distracted.
Wolfram, what do you think?
tools/i2ctransfer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- i2c-tools.orig/tools/i2ctransfer.c
+++ i2c-tools/tools/i2ctransfer.c
@@ -149,8 +149,7 @@ int main(int argc, char *argv[])
enum parse_state state = PARSE_GET_DESC;
unsigned int buf_idx = 0;
- for (i = 0; i < I2C_RDRW_IOCTL_MAX_MSGS; i++)
- msgs[i].buf = NULL;
+ memset(msgs, 0, sizeof(msgs));
/* handle (optional) flags first */
while ((opt = getopt(argc, argv, "abfhvVy")) != -1) {
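Review bot: memset(msgs, 0, sizeof(msgs)) near the top of main() clears every entry only if msgs is declared as an array in this scope rather than a pointer, and the declaration is outside the visible context, so please confirm that. The hunk also adds no #include, so <string.h> must already be pulled in by this file. Note that the removed loop assigned msgs[i].buf = NULL explicitly, whereas the new line relies on all-zero bytes being a null pointer; that holds on Linux targets, but a short comment saying the memset is also what initialises buf would keep the intent visible for any later code that tests buf against NULL.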
@@ -334,6 +333,7 @@ int main(int argc, char *argv[])
struct i2c_rdwr_ioctl_data rdwr;
unsigned int print_flags = PRINT_READ_BUF;
+ memset(&rdwr, 0, sizeof(rdwr));
rdwr.msgs = msgs;
rdwr.nmsgs = nmsgs;
nmsgs_sent = ioctl(file, I2C_RDWR, &rdwr);
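Review bot: the memset(&rdwr, 0, sizeof(rdwr)) is followed immediately by assignments to rdwr.msgs and rdwr.nmsgs, so to a reader it looks redundant and is likely to be dropped in a later cleanup. Its only effect is to clear any bytes of the struct not covered by those two assignments, such as padding, which matches the first valgrind report quoted in the commit message. Please add a one-line comment above it stating that it exists to zero those remaining bytes before the struct is handed to ioctl(I2C_RDWR). A plain initializer at the declaration is not a safe substitute, because C does not guarantee that it zeroes padding.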
--
Jean Delvare
SUSE L3 Support