Bug 630357 - g_object_new_valist uses uninitialized memory
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: gobject
Version: 2.27.x
Platform: Other Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: gtkdev
Depends on:
Blocks:
Reported: 2010-09-22 18:26 UTC by Jonas Holmberg
Modified: 2010-11-28 23:28 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
A test that causes access to uninitialized memory (1.84 KB, patch)
2010-09-22 21:12 UTC, Jonas Holmberg
accepted-commit_now
memset elements in the array before using them (1.17 KB, patch)
2010-09-22 21:14 UTC, Jonas Holmberg
none
memset elements in the array before using them (904 bytes, patch)
2010-09-23 23:24 UTC, Jonas Holmberg
accepted-commit_now
Updated test with bug reference (1.87 KB, patch)
2010-11-10 22:07 UTC, Jonas Holmberg
none

Description Jonas Holmberg 2010-09-22 18:26:58 UTC
g_object_new_valist preallocs an array of 16 GParameters and initializes the array to 0 with g_new0(). If there are more than 16 args the array is expanded with g_renew but the new elements in the array are not initialized to 0, which leads to use of uninitialized memory when g_value_unset() is called for all values (including unused, uninitialized values) before returning from the function.
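The growth pattern the report describes, as an added C example (not glib's code): an array zeroed on allocation is grown with realloc() and the new tail is zeroed explicitly, so that a later unset of every slot, used or not, reads only defined memory. Param, param_unset, grow_params and collect_and_unset are constructed names for illustration.

```c
/* Added example (constructed names, not glib's) of the growth pattern in this bug. */
#include <stdlib.h>
#include <string.h>
#define CHUNK 16                       /* the array grows 16 slots at a time */
typedef struct { unsigned long type; long data; } Param;  /* type 0 = unset */

/* Like g_value_unset(): reads `type` first, so even never-filled slots
 * handed to it must hold defined bytes. */
static void param_unset(Param *p)
{
    if (p->type != 0)
        p->type = p->data = 0;
}

/* Grow to at least `needed` slots. realloc() leaves the new tail
 * indeterminate; zeroing it is the fix from attachment 170993. */
static Param *grow_params(Param *arr, size_t *cap, size_t needed)
{
    size_t old_cap = *cap;
    if (needed <= old_cap) return arr;
    while (*cap < needed) *cap += CHUNK;
    Param *p = realloc(arr, *cap * sizeof *p);
    if (p == NULL) { free(arr); return NULL; }
    memset(p + old_cap, 0, (*cap - old_cap) * sizeof *p);
    return p;
}

/* Fill n slots, check every unused slot is zero, then unset all slots as
 * the constructor does. Returns the final capacity, or 0 on failure. */
static size_t collect_and_unset(size_t n)
{
    size_t cap = CHUNK;
    int ok = 1;
    Param *params = calloc(cap, sizeof *params);   /* g_new0() of 16 slots */
    for (size_t i = 0; params && i < n; i++) {
        params = grow_params(params, &cap, i + 1);
        if (params) {
            params[i].type = 1 + i % 3;             /* any non-zero type */
            params[i].data = (long) i;
        }
    }
    if (params == NULL) return 0;
    for (size_t i = n; i < cap; i++)               /* unused slots must be zero */
        ok = ok && params[i].type == 0 && params[i].data == 0;
    for (size_t i = 0; i < cap; i++)               /* used and unused alike */
        param_unset(&params[i]);
    free(params);
    return ok ? cap : 0;
}
```

Running the same program under valgrind with the memset line removed reproduces the report's finding: the read of `type` in param_unset on a slot past the original 16 is flagged as a use of uninitialized memory.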
Comment 1 Jonas Holmberg 2010-09-22 21:12:41 UTC
Created attachment 170864
A test that causes access to uninitialized memory

It was actually in g_object_newv (called from _new_valist) that the uninitialized memory access was made. If this test is run in valgrind, it will show the access to uninitialized memory.
Comment 2 Jonas Holmberg 2010-09-22 21:14:25 UTC
Created attachment 170865
memset elements in the array before using them

This patch removes the initial memset of the first 16 elements in the array and initializes each element before it's used instead.
Comment 3 Jonas Holmberg 2010-09-22 21:17:21 UTC
Since we discussed it on IRC: setting MALLOC_PERTURB_ does not make the test fail.
Comment 4 Jonas Holmberg 2010-09-23 23:24:54 UTC
Created attachment 170993
memset elements in the array before using them

New patch to memset all realloced elements instead of each element individually.
Comment 5 Matthias Clasen 2010-11-10 17:59:21 UTC
Review of attachment 170864:

::: gobject/tests/properties.c
@@ +210,3 @@
+static void
+properties_construct (void)
+{

We should add a bug reference to this test.
Comment 6 Matthias Clasen 2010-11-10 18:00:04 UTC
Review of attachment 170993:

Looks good to me.
Comment 7 Jonas Holmberg 2010-11-10 22:07:00 UTC
Created attachment 174216
Updated test with bug reference

Added bug reference to the test.