http: fix use-of-uninitialized-value bug #1292
Conversation
Thanks for the patch. The link above is giving me "Permission denied" but I take it it's the following call chain?
You are not in the contact.
Yes.

    bucket = lhq->proto->alloc(lhq->pool, nxt_lvlhsh_bucket_size(lhq->proto));
More Info:
Stack trace
Wondering why we don't hit this issue in practice... In lhq.proto, alloc is set via

    const nxt_lvlhsh_proto_t  nxt_http_fields_hash_proto  nxt_aligned(64) = {
        NXT_LVLHSH_BUCKET_SIZE(64),
        { NXT_HTTP_FIELD_LVLHSH_SHIFT, 0, 0, 0, 0, 0, 0, 0 },
        nxt_http_field_hash_test,
        nxt_lvlhsh_alloc,
        nxt_lvlhsh_free,
    };
    ...
    lhq.proto = &nxt_http_fields_hash_proto;

Which results in something like

    (gdb) p *lhq.proto
    $11 = {
      bucket_end = 12,
      bucket_size = 64,
      bucket_mask = 63,
      shift = "\005\000\000\000\000\000\000",
      test = 0x464350 <nxt_http_field_hash_test>,
      alloc = 0x40841a <nxt_lvlhsh_alloc>,
      free = 0x40843f <nxt_lvlhsh_free>
    }

It looks like this step isn't happening in the fuzzing case, which I assume is However I can't immediately see how this is being built....
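A reduced C model of the mechanism the comment above describes, added here as an example and not code from the project under discussion or from this PR: a query struct whose proto member carries the allocator callbacks, a const proto analogous to the one shown for HTTP fields, and a guard that turns a never-attached proto into a clean error instead of a call through an uninitialized function pointer. Every name in it (example_proto_t, example_query_t, example_fields_proto and the example_* functions) is an assumption chosen to mirror the thread, not the real nxt_lvlhsh_* API.

```c
/* Added example, not project code: a reduced model of an lvlhsh-style
 * query whose `proto` member carries the allocator callbacks.  All type and
 * function names are assumptions that mirror the thread. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint32_t  bucket_size;              /* bytes per bucket */
    void    *(*alloc)(size_t size);     /* how buckets are obtained */
    void     (*free)(void *p);          /* how buckets are released */
} example_proto_t;

typedef struct {
    const example_proto_t  *proto;      /* must point at a proto before use */
    void                   *bucket;
} example_query_t;

static void *example_alloc(size_t size) { return calloc(1, size); }
static void  example_free(void *p)      { free(p); }

/* Analogue of the const proto the maintainer shows for HTTP header fields. */
static const example_proto_t  example_fields_proto = {
    64, example_alloc, example_free,
};

/* Allocates the query's bucket through proto->alloc.
 * Returns 0 on success, -1 when proto was never attached (or alloc fails).
 * The NULL check is what turns a missing initialization step into an
 * error return rather than a call through whatever proto happens to hold. */
int example_query_alloc_bucket(example_query_t *lhq)
{
    if (lhq->proto == NULL || lhq->proto->alloc == NULL) {
        return -1;
    }
    lhq->bucket = lhq->proto->alloc(lhq->proto->bucket_size);
    return (lhq->bucket != NULL) ? 0 : -1;
}

/* Releases the bucket through the same proto that allocated it. */
void example_query_release(example_query_t *lhq)
{
    if (lhq->proto != NULL && lhq->bucket != NULL) {
        lhq->proto->free(lhq->bucket);
        lhq->bucket = NULL;
    }
}

/* The normal path: zero the query, attach the proto, allocate. */
int example_run_initialized(void)
{
    example_query_t  lhq;
    int              rc;

    memset(&lhq, 0, sizeof(lhq));
    lhq.proto = &example_fields_proto;
    rc = example_query_alloc_bucket(&lhq);
    example_query_release(&lhq);
    return rc;
}

/* The fuzzing-style path: the query is zeroed but proto is never attached.
 * Zeroing is what makes the missing step detectable: a stack-allocated
 * query left uninitialized would hold garbage in proto instead of NULL. */
int example_run_missing_proto(void)
{
    example_query_t  lhq;

    memset(&lhq, 0, sizeof(lhq));
    return example_query_alloc_bucket(&lhq);
}

int main(void)
{
    printf("initialized: %d\n", example_run_initialized());     /* 0 */
    printf("missing proto: %d\n", example_run_missing_proto()); /* -1 */
    return 0;
}
```

The point of the guard is that the query owner, not the hash code, is responsible for attaching proto; zero-initializing the struct at its declaration site is what makes a forgotten assignment show up as NULL (and as a reproducible error) rather than as stack garbage that only MemorySanitizer notices.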
Because I didn't say The Also, my patch isn't new to this codebase; it's already been used.
Signed-off-by: Arjun <pkillarjun@protonmail.com>
c242dfa to d6770b8
scorched earth;
oss-fuzz Issue 68458.