Re: Question about an uninitialized array in bpf_filter

[Guy Harris <gharris () sonic net>]

On Apr 29, 2024, at 7:19 AM, Michal Ruprich <michalruprich () gmail com> wrote:

> I was wondering, whether the mem[BPF_MEMWORDS] array in function pcapint_filter_with_aux_data in bpf_filter.c should 
> be initialized? If the switch hits cases BPF_LD|BPF_MEM or BPF_LDX|BPF_MEM the variables A or X are filled with 
> random uninitialized data from the array. Is it the case that this never happens before mem is filled with relevant 
> data?

Only if an invalid BPF program that does a load from a memory location without storing something there first is used as 
a filter.

The BPF validator in libpcap doesn't check for that.  It would require a dataflow analysis, but perhaps it should check 
for that.
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s