[PATCH pciutils] libpci: Fix intel_sanity_check() function

[PATCH pciutils] libpci: Fix intel_sanity_check() function

[Pali Rohár]

Function intel_sanity_check() calls conf1_read() which access d->domain
field. But intel_sanity_check() does not initialize this field and so
conf1_read() access some random data on stack.

Tests showed that intel_sanity_check() always fails as in d->domain is
stored some non-zero number.

Fix this issue by properly initializing struct pci_dev d and explicitly set
d->domain to zero in intel_sanity_check() as sanity check is verifying PCI
devices at domain 0.
---
 lib/i386-ports.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/i386-ports.c b/lib/i386-ports.c
index b3b752cb1f3f..b5e09dab6002 100644
--- a/lib/i386-ports.c
+++ b/lib/i386-ports.c
@@ -72,7 +72,9 @@ intel_sanity_check(struct pci_access *a, struct pci_methods *m)
 {
   struct pci_dev d;
 
+  memset(&d, 0, sizeof(d));
   a->debug("...sanity check");
+  d.domain = 0;
   d.bus = 0;
   d.func = 0;
   for (d.dev = 0; d.dev < 32; d.dev++)
-- 
2.20.1

Re: [PATCH pciutils] libpci: Fix intel_sanity_check() function

[Martin Mareš]

Hello!

> Function intel_sanity_check() calls conf1_read() which access d->domain
> field. But intel_sanity_check() does not initialize this field and so
> conf1_read() access some random data on stack.
> 
> Tests showed that intel_sanity_check() always fails as in d->domain is
> stored some non-zero number.
> 
> Fix this issue by properly initializing struct pci_dev d and explicitly set
> d->domain to zero in intel_sanity_check() as sanity check is verifying PCI
> devices at domain 0.

Thanks for finding the bug, but it makes little sense to initialize the fields
twice (once by memset, second time by zeroing out individual members). Just
keep the memset.

				Martin

[PATCH v2 pciutils] libpci: Fix intel_sanity_check() function

[Pali Rohár]

Function intel_sanity_check() calls conf1_read() which access d->domain
field. But intel_sanity_check() does not initialize this field and so
conf1_read() access some random data on stack.

Tests showed that intel_sanity_check() always fails as in d->domain is
stored some non-zero number.

Fix this issue by zeroing struct pci_dev d in intel_sanity_check() as
sanity check is verifying PCI devices at domain 0.
---
v2: Remove explicit set of d->domain to zero.
---
 lib/i386-ports.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/i386-ports.c b/lib/i386-ports.c
index b3b752cb1f3f..2f90aa4cee0a 100644
--- a/lib/i386-ports.c
+++ b/lib/i386-ports.c
@@ -72,6 +72,7 @@ intel_sanity_check(struct pci_access *a, struct pci_methods *m)
 {
   struct pci_dev d;
 
+  memset(&d, 0, sizeof(d));
   a->debug("...sanity check");
   d.bus = 0;
   d.func = 0;
-- 
2.20.1

Re: [PATCH v2 pciutils] libpci: Fix intel_sanity_check() function

[Martin Mareš]

Hi!

> Function intel_sanity_check() calls conf1_read() which access d->domain
> field. But intel_sanity_check() does not initialize this field and so
> conf1_read() access some random data on stack.
> 
> Tests showed that intel_sanity_check() always fails as in d->domain is
> stored some non-zero number.
> 
> Fix this issue by zeroing struct pci_dev d in intel_sanity_check() as
> sanity check is verifying PCI devices at domain 0.

Thanks, applied.

				Martin