From 8d6393ce8fc045edbe94435498b99ce28d190346 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Wed, 9 Oct 2019 20:19:56 -0400 Subject: [PATCH] bgpd: When creating extra from stack ensure it is zero'ed out BGP code assumes that the extra data is zero'ed out. Ensure that we are not leaving any situation that the data on the stack is actually all 0's when we pass it around as a pointer later. Please note in issue #5025, Lou reported a different valgrind issue, which is not the same issue: ==7313== Conditional jump or move depends on uninitialised value(s) ==7313== at 0x181F9F: subgroup_announce_check (bgp_route.c:1555) ==7313== by 0x1A112B: subgroup_announce_table (bgp_updgrp_adv.c:641) ==7313== by 0x1A1340: subgroup_announce_route (bgp_updgrp_adv.c:704) ==7313== by 0x1A13E3: subgroup_coalesce_timer (bgp_updgrp_adv.c:331) ==7313== by 0x4EBA615: thread_call (thread.c:1531) ==7313== by 0x4E8AC37: frr_run (libfrr.c:1052) ==7313== by 0x1429E0: main (bgp_main.c:486) ==7313== ==7313== Conditional jump or move depends on uninitialised value(s) ==7313== at 0x201C0E: rfapi_vty_out_vncinfo (rfapi_vty.c:429) ==7313== by 0x18D0D6: route_vty_out (bgp_route.c:7481) ==7313== by 0x18DD76: bgp_show_table (bgp_route.c:9365) ==7313== by 0x1930C4: bgp_show_table_rd (bgp_route.c:9471) ==7313== by 0x1932A3: bgp_show (bgp_route.c:9510) ==7313== by 0x193E68: show_ip_bgp_json (bgp_route.c:10284) ==7313== by 0x4E6D024: cmd_execute_command_real.isra.2 (command.c:1072) ==7313== by 0x4E6F51E: cmd_execute_command (command.c:1131) ==7313== by 0x4E6F686: cmd_execute (command.c:1285) ==7313== by 0x4EBF9C4: vty_command (vty.c:516) ==7313== by 0x4EBFB9F: vty_execute (vty.c:1285) ==7313== by 0x4EC250F: vtysh_read (vty.c:2119) ==7313== that is causing the actual crash. Signed-off-by: Donald Sharp --- bgpd/bgp_route.c | 6 +++--- bgpd/rfapi/rfapi_import.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 84d1feca78..c122df498a 100644 
--- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1785,9 +1785,9 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_path_info *pi, /* Route map & unsuppress-map apply. */ if (ROUTE_MAP_OUT_NAME(filter) || (pi->extra && pi->extra->suppress)) { - struct bgp_path_info rmap_path; - struct bgp_path_info_extra dummy_rmap_path_extra; - struct attr dummy_attr; + struct bgp_path_info rmap_path = {0}; + struct bgp_path_info_extra dummy_rmap_path_extra = {0}; + struct attr dummy_attr = {0}; memset(&rmap_path, 0, sizeof(struct bgp_path_info)); rmap_path.peer = peer; diff --git a/bgpd/rfapi/rfapi_import.c b/bgpd/rfapi/rfapi_import.c index 87a05a4f8c..655cf747de 100644 --- a/bgpd/rfapi/rfapi_import.c +++ b/bgpd/rfapi/rfapi_import.c @@ -2179,8 +2179,8 @@ static struct bgp_path_info *rfapiItBiIndexSearch( { struct skiplist *sl; int rc; - struct bgp_path_info bpi_fake; - struct bgp_path_info_extra bpi_extra; + struct bgp_path_info bpi_fake = {0}; + struct bgp_path_info_extra bpi_extra = {0}; struct bgp_path_info *bpi_result; sl = RFAPI_RDINDEX(rn); -- 2.39.5
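Review bot: The new `= {0}` on `rmap_path` duplicates the `memset(&rmap_path, 0, sizeof(struct bgp_path_info));` that the hunk keeps as context right after the declarations, so the same object is now zeroed twice by two different idioms. I would settle on one: drop the memset, or keep memset as the single idiom if any consumer copies or compares these structs bytewise, since `= {0}` zeroes the members but C does not clearly promise zeroed padding. Either way, a comment above the declarations such as `/* callees read ->extra without checking; it must start zeroed */` would record the invariant the commit message describes, and the same comment fits the `bpi_fake`/`bpi_extra` declarations in the rfapiItBiIndexSearch hunk. The enclosing `if` block continues past the hunk, so any later writes to `dummy_attr` are not visible here.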
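Review bot: `struct bgp_path_info *bpi_result;` is still declared without an initializer directly under the two structs this hunk zeroes, and the function's return type suggests it is the value handed back to the caller. The code that fills it lies outside the hunk, so this may already be safe on every path. Writing `struct bgp_path_info *bpi_result = NULL;` would keep a search path that never stores to it from returning an indeterminate stack pointer, which is the same class of problem the commit is closing.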