Resolve segfault when a new hashtable node is allocated. #20
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In
libmdnsd/xht.c
, at line 110, if a candidate node is not found, a new one is allocated.Around line 116, if
n->flag
is true thenn->u.key
andn->val
are freed. However, since the memory allocated at line 110 was not initialized,n
may contain any kind of data, which may unpredictably causen->flag
to have a nonzero value. When it does, a segfault occurs duringfree(n->u.key)
orfree(n->val)
.Valgrind detects this issue as a conditional jump based on an uninitialized value. (Note that because the initial elements of the
xht_t.zen
member are zeroed during allocation viacalloc
, a hash collision must be created before this behavior can be witnessed. With aprime
value of11
, hash keys"server"
and"version9"
produce the necessary collision. Of course, while this is enough to detect the issue under valgrind, it is not enough to actually trigger the segfault every time because that depends on the random bits in the memory that was allocated.)This pull request resolves the issue by zeroing
n
after its memory is allocated.