GNOME Bugzilla – Bug 630357
g_object_new_valist uses uninitialized memory
Last modified: 2010-11-28 23:28:55 UTC
g_object_new_valist preallocs an array of 16 GParameters and initializes the array to 0 with g_new0(). If there are more than 16 args the array is expanded with g_renew but the new elements in the array are not initialized to 0, which leads to use of uninitialized memory when g_value_unset() is called for all values (including unused, uninitialized values) before returning from the function.
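As an added example (not GLib's code and not the attached patch), a self-contained C model of the growth pattern the report describes, with the fix applied: the preallocated block is zeroed, and every element a realloc adds is memset before the cleanup loop can reach it. Param, ParamArray and the function names are hypothetical stand-ins for GParameter and the g_new0/g_renew/g_value_unset calls.

```c
#include <stdlib.h>
#include <string.h>
#define PREALLOC 16
typedef struct { unsigned type; long data; } Param;               /* type 0 = unset */
typedef struct { Param *items; size_t n_used, n_alloc; } ParamArray;

/* Initial block is zeroed, as g_new0() did for the first 16 GParameters. */
static int params_init(ParamArray *a) {
    a->items = calloc(PREALLOC, sizeof *a->items);
    a->n_used = 0; a->n_alloc = PREALLOC;
    return a->items ? 0 : -1;
}
/* Growth step. The reported bug was a bare g_renew() here, leaving the new tail
 * uninitialized; the fix is the memset over every element the realloc added. */
static int params_grow(ParamArray *a, size_t want) {
    if (want <= a->n_alloc) return 0;
    size_t new_alloc = a->n_alloc;
    while (new_alloc < want) new_alloc += PREALLOC;
    Param *p = realloc(a->items, new_alloc * sizeof *p);
    if (!p) return -1;
    memset(p + a->n_alloc, 0, (new_alloc - a->n_alloc) * sizeof *p);
    a->items = p;
    a->n_alloc = new_alloc;
    return 0;
}
/* Cleanup loop as in the report: unsets every allocated slot, used or not, and
 * returns how many were already unset (well defined only because of the memset). */
static size_t params_unset_all(ParamArray *a) {
    size_t already = 0;
    for (size_t i = 0; i < a->n_alloc; i++) {
        if (a->items[i].type == 0) already++;
        a->items[i].type = 0;
    }
    a->n_used = 0;
    return already;
}
/* Scenario from the attached test: 20 parameters (> 16) force one realloc to 32
 * slots, so the 12 untouched slots must still read as unset. */
static long demo_twenty_params(void) {
    ParamArray a;
    if (params_init(&a) < 0) return -1;
    for (long i = 0; i < 20; i++) {
        if (params_grow(&a, a.n_used + 1) < 0) { free(a.items); return -1; }
        a.items[a.n_used++] = (Param){ 1, i };
    }
    long already = (long)params_unset_all(&a);
    free(a.items);
    return already;
}
```

Dropping the memset in params_grow reproduces the reported pattern; valgrind then flags the `type == 0` comparison in the cleanup loop as a conditional jump on uninitialized memory, which is what the attached test shows against the real g_object_newv.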
Created attachment 170864: A test that causes access to uninitialized memory
It was actually in g_object_newv (called from _new_valist) that the uninitialized memory access was made. If this test is run in valgrind it will show the access to uninitialized memory.
Created attachment 170865: memset elements in the array before using them
This patch removes the initial memset of the first 16 elements in the array and initializes each element before it's used instead.
Since we discussed it on IRC: setting MALLOC_PERTURB_ does not make the test fail.
Created attachment 170993: memset elements in the array before using them
New patch to memset all realloced elements instead of each element individually.
Review of attachment 170864: ::: gobject/tests/properties.c @@ +210,3 @@ +static void +properties_construct (void) +{ We should add a bug reference to this test.
Review of attachment 170993: Looks good to me.
Created attachment 174216: Updated test with bug reference
Added bug reference to the test.