From: Rainer Weikusat
Date:
To: dng
Subject: Re: [DNG] int essid_alloc is causing valgrind to report a series of errors
Edward Bartolo <edbarx@???> writes:
> This is another part of the backend code where valgrind is saying:
>
> ==5501== 5 errors in context 1 of 3:
> ==5501== Use of uninitialised value of size 8
> ==5501==    at 0x5172AFC: ____strtod_l_internal (strtod_l.c:889)
> ==5501==    by 0x403856: getRadiatingWifiList (automated_scanner.c:265)
> ==5501==    by 0x403BDC: autoWirelessScanPlus (automated_scanner.c:386)
> ==5501==    by 0x40400D: autoWirelessScanPlus_RN (automated_scanner.c:549)
> ==5501==    by 0x402E2C: main (backend.c:251)
> ==5501==  Uninitialised value was created by a stack allocation
> ==5501==    at 0x4034BB: getRadiatingWifiList (automated_scanner.c:155)
>
> The code portion is this:
>                                 tmp_wifi_quality = calloc(sizeof(wifi_quality), 1);
>
> Here follows testing of return value from calloc, but I am not quoting it.
>
>                 char* substr = strstr((char *) scan_buffer, "Signal level=");
>                 substr = strstr(substr, "=");
>                 char* endstr = strstr(substr + 1, " ");
>                 char tmpstr[MAX_ESSID_LENGTH];
>                 strncpy(tmpstr, substr + 1, endstr - substr - 1);


Considering that substr points to the = immediately before the value,
endstr - substr - 1 is the length of the string between the = and the
next space.

>                 tmpstr[endstr - substr + 1] = '\0';


And endstr - substr + 1 is consequently the length of this string +
2(!). The last char of the number was written to

tmpstr[endstr - substr - 2]

because arrays are 0-based. This followed by an uninitialized byte at

tmpstr[endstr - substr - 1]

another at

tmpstr[endstr - substr]

followed by a 0 at

tmpstr[endstr - substr + 1]

Since new stack pages will be filled with zeroes, this will sometimes
work. It could be fixed by using endstr - substr - 1 as offset for the
assignment, however "What is all this crap for?!?"

--------------
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Sample of the scanner output being parsed. */
char const scan_buffer[] = "yadda Signal level=5.9 fff";

#define SIG_LEVEL "Signal level="
#define SIG_PREFIX (sizeof(SIG_LEVEL) - 1)   /* length of the marker without the '\0' */

int main(void)
{
    double d;

    /* Find the marker and let strtod read the number in place: it stops
     * at the first character that is not part of the number, so no
     * temporary buffer and no manual termination are needed. */
    char* substr = strstr(scan_buffer, SIG_LEVEL);
    d = strtod(substr + SIG_PREFIX, NULL);
    printf("%f\n", d);

    return 0;
}
--------------


Life is much easier when using features of library functions one is
using anyway.
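To make the off-by-two concrete, here is an added example that is not code from the thread: the quoted parse with its stack buffer pre-filled with '7' so the two bytes that are never written show up in the parsed value, next to a strtod-based version that also reports a missing marker or a non-number. The value of MAX_ESSID_LENGTH and the sample buffer are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ESSID_LENGTH 32              /* assumed; the real value is not quoted */
#define SIG_LEVEL "Signal level="
#define SIG_PREFIX (sizeof(SIG_LEVEL) - 1)

/* Constructed sample of the scanner output the thread is parsing. */
static const char scan_buffer[] = "yadda Signal level=5.9 fff";

/* The quoted code, with tmpstr pre-filled with '7' so the two bytes left
 * between the number and the '\0' are visible. On a real stack they hold
 * whatever happened to be there before, hence valgrind's complaint. */
double parse_buggy(const char *buf)
{
    char *substr = strstr(buf, SIG_LEVEL);
    substr = strstr(substr, "=");
    char *endstr = strstr(substr + 1, " ");
    char tmpstr[MAX_ESSID_LENGTH];
    memset(tmpstr, '7', sizeof tmpstr);
    strncpy(tmpstr, substr + 1, endstr - substr - 1); /* copies "5.9" */
    tmpstr[endstr - substr + 1] = '\0';               /* two bytes too far */
    return strtod(tmpstr, NULL);                      /* parses "5.977" */
}

/* Fix in the spirit of the reply: let strtod read the number in place and
 * return -1 on a missing marker, no digits, or an out-of-range value. */
int parse_signal_level(const char *buf, double *out)
{
    const char *start = strstr(buf, SIG_LEVEL);
    if (!start) return -1;
    start += SIG_PREFIX;
    char *end;
    errno = 0;
    double d = strtod(start, &end);
    if (end == start || errno == ERANGE) return -1;
    *out = d;
    return 0;
}

int main(void)
{
    double d;
    printf("buggy: %f\n", parse_buggy(scan_buffer));
    if (parse_signal_level(scan_buffer, &d) == 0) printf("fixed: %f\n", d);
    return 0;
}
```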