[Gnucash-changes] Chris Shoemaker's patch: Avoid use of unitialized values in guid.c.

Derek Atkins warlord at cvs.gnucash.org
Tue Feb 15 20:03:59 EST 2005


Log Message:
-----------
Chris Shoemaker's patch: Avoid use of unitialized values in guid.c.

	* Avoid use of uninitialized values in guid.c
	  - prevent md5 seeding from using uninitialized stack contents
	  - give used/null GUID recognizable memory signature
	  - add a simple test case that helped testing for use of
	    uninitialized values

Tags:
----
gnucash-gnome2-dev

Modified Files:
--------------
    gnucash:
        ChangeLog
    gnucash/src/engine:
        guid.c
    gnucash/src/engine/test:
        test-guid.c

Revision Data
-------------
Index: ChangeLog
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/ChangeLog,v
retrieving revision 1.1487.2.171
retrieving revision 1.1487.2.172
diff -LChangeLog -LChangeLog -u -r1.1487.2.171 -r1.1487.2.172
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,12 @@
+2005-02-15  Derek Atkins  <derek at ihtfp.com>
+
+	Chris Shoemaker's patch: Avoid use of unitialized values in guid.c.
+	* Avoid use of uninitialized values in guid.c
+	  - prevent md5 seeding from using uninitialized stack contents
+	  - give used/null GUID recognizable memory signature
+	  - add a simple test case that helped testing for use of
+	    uninitialized values
+
 2005-02-13  Derek Atkins  <derek at ihtfp.com>
 
 	Chris Shoemaker's patch: Fix various memory leaks.
Index: guid.c
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/src/engine/guid.c,v
retrieving revision 1.25.4.6
retrieving revision 1.25.4.7
diff -Lsrc/engine/guid.c -Lsrc/engine/guid.c -u -r1.25.4.6 -r1.25.4.7
--- src/engine/guid.c
+++ src/engine/guid.c
@@ -99,17 +99,18 @@
 const GUID *
 guid_null(void)
 {
-  static int null_inited = (0 == 1);
+  static int null_inited = 0;
   static GUID null_guid;
 
   if (!null_inited)
   {
     int i;
+    char *tmp = "NULLGUID.EMPTY.";
 
     for (i = 0; i < 16; i++)
-      null_guid.data[i] = 0;
+      null_guid.data[i] = tmp[i];
 
-    null_inited = (0 == 0);
+    null_inited = 1;
   }
 
   return &null_guid;
@@ -186,6 +187,7 @@
   size_t file_bytes;
   FILE *fp;
 
+  memset(&stats, 0, sizeof(stats));
   if (stat(filename, &stats) != 0)
     return 0;
 
@@ -244,6 +246,7 @@
     if ((result < 0) || (result >= (int)sizeof(filename)))
       continue;
 
+    memset(&stats, 0, sizeof(stats));
     if (stat(filename, &stats) != 0)
       continue;
     md5_process_bytes(&stats, sizeof(stats), &guid_context);
@@ -298,7 +301,8 @@
 {
   size_t bytes = 0;
 
-  guid_memchunk_init();
+  /* Not needed; taken care of on first malloc.
+   * guid_memchunk_init(); */
 
   md5_init_ctx(&guid_context);
 
@@ -388,6 +392,7 @@
   {
     char string[1024];
 
+    memset(string, 0, sizeof(string));
     gethostname(string, sizeof(string));
     md5_process_bytes(string, sizeof(string), &guid_context);
     bytes += sizeof(string);
Index: test-guid.c
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/src/engine/test/test-guid.c,v
retrieving revision 1.2
retrieving revision 1.2.4.1
diff -Lsrc/engine/test/test-guid.c -Lsrc/engine/test/test-guid.c -u -r1.2 -r1.2.4.1
--- src/engine/test/test-guid.c
+++ src/engine/test/test-guid.c
@@ -16,8 +16,20 @@
 #include "qofid.h"
 #include "qofid-p.h"
 #include "qofsession.h"
+#include "guid.h"
 
+static void test_null_guid(void)
+{
+  GUID g;
+  GUID *gp;
+
+  g = guid_new_return();
+  gp = guid_malloc();
+  guid_new(gp);
 
+  do_test(guid_equal(guid_null(), guid_null()), "null guids equal");
+  do_test(!guid_equal(&g, gp), "two guids equal");
+}
 
 static void
 run_test (void)
@@ -47,6 +59,9 @@
 	 ent->e_type = type;
 	 qof_collection_insert_entity (col, ent);
   }
+
+  /* Make valgrind happy -- destroy the session. */
+  qof_session_destroy(sess);
 }
 
 static void
@@ -55,7 +70,8 @@
   g_log_set_always_fatal( G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING );
   do_test((NULL!=gnc_module_load("gnucash/engine", 0)), "couldn't load engine");
 
-  run_test ();
+  test_null_guid();
+  run_test();
 
   print_test_results();
   exit(get_rv());


More information about the gnucash-changes mailing list