apache
"Dereference of uninitialized pointer variable
Function apr_rmm_init takes a pointer to a lock, and will dereference it if it is not NULL. Pointer variable rmm_lock is passed to this function before initialization, causing apr_rmm_init to dereference an arbitrary address."
Bug fixed by commit 1b48bb3c1af
| Type | UninitializedVariable |
| Config | "APU_HAS_LDAP && APR_HAS_SHARED_MEMORY " (2nd degree) |
| Fix-in | code |
| Location | modules/experimental/ |
#include <stdio.h>
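/**
 * Simplified stand-in for apr_rmm_init: prints the lock string it is given.
 *
 * @param rmm_lock  NUL-terminated string, or NULL when the caller has no lock.
 *
 * A NULL argument is accepted and nothing is printed, so the pointer is only
 * dereferenced when it is not NULL. Any non-NULL value must point to a valid
 * string: an uninitialized pointer passed here is still read through, and
 * that read is undefined behaviour.
 */
void apr_rmm_init(char* rmm_lock)
{
    /* "%s" needs a valid string; a null pointer there is undefined behaviour. */
    if (rmm_lock == NULL) {
        return;
    }

    printf("%s\n", rmm_lock);
}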
/*
 * Simplified model of util_ldap_cache_init, kept in its defective form.
 *
 * The function exists only when APU_HAS_LDAP is defined, and the faulty call
 * is compiled only when APR_HAS_SHARED_MEMORY is defined as well. A build or
 * static-analysis run that does not enable both macros never sees the
 * defect, so compiler diagnostics such as -Wuninitialized have to be checked
 * with that configuration enabled.
 */
#ifdef APU_HAS_LDAP
void util_ldap_cache_init()
{
/* Declared without an initializer: the pointer value is indeterminate. */
char* rmm_lock;
#ifdef APR_HAS_SHARED_MEMORY
/*
 * The indeterminate pointer is handed to apr_rmm_init, which reads through
 * it; this is undefined behaviour (a read from an arbitrary address).
 * The fix recorded for commit 1b48bb3c1af passes NULL instead.
 */
apr_rmm_init(rmm_lock); // ERROR: rmm_lock uninitialized
#endif
}
#endif
/*
 * Entry point of the sample. Calls util_ldap_cache_init() only in builds
 * where APU_HAS_LDAP is defined, then exits with status 0.
 */
int main(void)
{
#if defined(APU_HAS_LDAP)
    util_ldap_cache_init();
#endif

    return 0;
}
diff --git a/apache/simple/1b48bb3.c b/apache/simple/1b48bb3.c
--- a/apache/simple/1b48bb3.c
+++ b/apache/simple/1b48bb3.c
@@ -8,10 +8,8 @@ void apr_rmm_init(char* rmm_lock)
#ifdef APU_HAS_LDAP
void util_ldap_cache_init()
{
- char* rmm_lock;
-
#ifdef APR_HAS_SHARED_MEMORY
- apr_rmm_init(rmm_lock); // ERROR: rmm_lock uninitialized
+ apr_rmm_init(NULL); // ERROR: rmm_lock uninitialized
#endif
}
#endif
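Review bot: Passing `NULL` on the added line removes the uninitialized read, but `apr_rmm_init` as listed on this page hands its argument straight to `printf("%s\n", rmm_lock)`, and a null pointer for `%s` is undefined behaviour, so the patched sample can still crash. The model would match the bug description (dereference only when the lock is not NULL) with a guard such as `if (rmm_lock == NULL) return;` at the top of `apr_rmm_init`, whose body lies outside this hunk. The trailing comment kept on the added line is also stale and should read something like `// fixed: no lock is passed`.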
. call modules/experimental/util_ldap_cache.c:293: apr_status_t util_ldap_cache_init(...) . modules/experimental/util_ldap_cache.c:295: apr_anylock_t rmm_lock; . // rmm_lock is not initialized ... . ERROR modules/experimental/util_ldap_cache.c:306 apr_rmm_init(&util_ldap_rmm, &rmm_lock, ...);