bpf: fix uninitialized value usage

it was reported by clang with the option -fsanitize=memory: Uninitialized value was created by a heap allocation #0 0x4547ef in realloc (src/crun/tests/tests_libcrun_fuzzer+0x4547ef) seccomp#1 0x7f4900a3a903 in _bpf_append_blk src/libseccomp/src/gen_bpf.c:452:10 seccomp#2 0x7f4900a3a903 in _gen_bpf_build_bpf src/libseccomp/src/gen_bpf.c:2276:8 seccomp#3 0x7f4900a3a903 in gen_bpf_generate src/libseccomp/src/gen_bpf.c:2324:7 Uninitialized value was created by a heap allocation #0 0x4547ef in realloc (src/crun/tests/tests_libcrun_fuzzer+0x4547ef) seccomp#1 0x7f8f755a81c0 in _blk_resize.constprop.0 src/libseccomp/src/gen_bpf.c:362:8 Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe · Mar 18, 2021 · 64ebe8e · 64ebe8e
1 parent c305ef3
commit 64ebe8e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/gen_bpf.c b/src/gen_bpf.c
@@ -364,6 +364,7 @@ static struct bpf_blk *_blk_resize(struct bpf_state *state,
 		_blk_free(state, blk);
 		return NULL;
 	}
+	memset(&new[blk->blk_cnt], 0, (blk->blk_alloc - blk->blk_cnt) * sizeof(*new));
 	blk->blks = new;
 
 	return blk;
@@ -452,6 +453,7 @@ static int _bpf_append_blk(struct bpf_program *prg, const struct bpf_blk *blk)
 		goto bpf_append_blk_failure;
 	}
 	prg->blks = i_new;
+	memset(&i_new[prg->blk_cnt - blk->blk_cnt], 0, blk->blk_cnt * sizeof(*(i_new)));
 
 	/* transfer and translate the blocks to raw instructions */
 	for (iter = 0; iter < blk->blk_cnt; iter++) {