bgpd: When creating extra from stack ensure it is zero'ed out

BGP code assumes that the extra data is zero'ed out.  Ensure that we
are not leaving any situation that the data on the stack is actually all
0's when we pass it around as a pointer later.

Please note in issue #5025, Lou reported a different valgrind
issue, which is not the same issue:

==7313== Conditional jump or move depends on uninitialised value(s)
==7313== at 0x181F9F: subgroup_announce_check (bgp_route.c:1555)
==7313== by 0x1A112B: subgroup_announce_table (bgp_updgrp_adv.c:641)
==7313== by 0x1A1340: subgroup_announce_route (bgp_updgrp_adv.c:704)
==7313== by 0x1A13E3: subgroup_coalesce_timer (bgp_updgrp_adv.c:331)
==7313== by 0x4EBA615: thread_call (thread.c:1531)
==7313== by 0x4E8AC37: frr_run (libfrr.c:1052)
==7313== by 0x1429E0: main (bgp_main.c:486)
==7313==
==7313== Conditional jump or move depends on uninitialised value(s)
==7313== at 0x201C0E: rfapi_vty_out_vncinfo (rfapi_vty.c:429)
==7313== by 0x18D0D6: route_vty_out (bgp_route.c:7481)
==7313== by 0x18DD76: bgp_show_table (bgp_route.c:9365)
==7313== by 0x1930C4: bgp_show_table_rd (bgp_route.c:9471)
==7313== by 0x1932A3: bgp_show (bgp_route.c:9510)
==7313== by 0x193E68: show_ip_bgp_json (bgp_route.c:10284)
==7313== by 0x4E6D024: cmd_execute_command_real.isra.2 (command.c:1072)
==7313== by 0x4E6F51E: cmd_execute_command (command.c:1131)
==7313== by 0x4E6F686: cmd_execute (command.c:1285)
==7313== by 0x4EBF9C4: vty_command (vty.c:516)
==7313== by 0x4EBFB9F: vty_execute (vty.c:1285)
==7313== by 0x4EC250F: vtysh_read (vty.c:2119)
==7313==

that is causing the actual crash.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 84d1feca78361384b467ccaf7b520bb3ad7fb7d4..c122df498a0203abb16722cc7b1bebd5dc9aeea3 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -1785,9 +1785,9 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_path_info *pi,
 
        /* Route map & unsuppress-map apply. */
        if (ROUTE_MAP_OUT_NAME(filter) || (pi->extra && pi->extra->suppress)) {
-               struct bgp_path_info rmap_path;
-               struct bgp_path_info_extra dummy_rmap_path_extra;
-               struct attr dummy_attr;
+               struct bgp_path_info rmap_path = {0};
+               struct bgp_path_info_extra dummy_rmap_path_extra = {0};
+               struct attr dummy_attr = {0};
 
                memset(&rmap_path, 0, sizeof(struct bgp_path_info));
                rmap_path.peer = peer;

diff --git a/bgpd/rfapi/rfapi_import.c b/bgpd/rfapi/rfapi_import.c
index 87a05a4f8c12da32980638b13c4ffed218c03b14..655cf747de541e930de41c417c5fde5e860cc063 100644 (file)
--- a/bgpd/rfapi/rfapi_import.c
+++ b/bgpd/rfapi/rfapi_import.c
@@ -2179,8 +2179,8 @@ static struct bgp_path_info *rfapiItBiIndexSearch(
 {
        struct skiplist *sl;
        int rc;
-       struct bgp_path_info bpi_fake;
-       struct bgp_path_info_extra bpi_extra;
+       struct bgp_path_info bpi_fake = {0};
+       struct bgp_path_info_extra bpi_extra = {0};
        struct bgp_path_info *bpi_result;
 
        sl = RFAPI_RDINDEX(rn);