Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) in IPC::Connection::sendOutgoingMessage
https://bugs.webkit.org/show_bug.cgi?id=146729
Patch by Michael Catanzaro <mcatanzaro@gnome.org> on 2020-03-26
Reviewed by Carlos Garcia Campos.
The entire MessageInfo is passed to write(), so we have to zero the padding bytes to avoid
writing uninitialized memory.
* Platform/IPC/unix/UnixMessage.h:
(IPC::MessageInfo::MessageInfo):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@259037 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 045d30e..260ef4a 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,16 @@
+2020-03-26 Michael Catanzaro <mcatanzaro@gnome.org>
+
+ Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) in IPC::Connection::sendOutgoingMessage
+ https://bugs.webkit.org/show_bug.cgi?id=146729
+
+ Reviewed by Carlos Garcia Campos.
+
+ The entire MessageInfo is passed to write(), so we have to zero the padding bytes to avoid
+ writing uninitialized memory.
+
+ * Platform/IPC/unix/UnixMessage.h:
+ (IPC::MessageInfo::MessageInfo):
+
2020-03-25 Timothy Horton <timothy_horton@apple.com>
Unable to build WebKit with iOS 13.4 SDK
diff --git a/Source/WebKit/Platform/IPC/unix/UnixMessage.h b/Source/WebKit/Platform/IPC/unix/UnixMessage.h
index 6e98a73..243ce99 100644
--- a/Source/WebKit/Platform/IPC/unix/UnixMessage.h
+++ b/Source/WebKit/Platform/IPC/unix/UnixMessage.h
@@ -34,12 +34,18 @@
class MessageInfo {
public:
- MessageInfo() = default;
+ MessageInfo()
+ {
+ // The entire MessageInfo is passed to write(), so we have to zero our
+ // padding bytes to avoid writing uninitialized memory.
+ memset(this, 0, sizeof(*this));
+ }
MessageInfo(size_t bodySize, size_t initialAttachmentCount)
- : m_bodySize(bodySize)
- , m_attachmentCount(initialAttachmentCount)
{
+ memset(this, 0, sizeof(*this));
+ m_bodySize = bodySize;
+ m_attachmentCount = initialAttachmentCount;
}
void setBodyOutOfLine()
