[nginx] Fixed Valgrind complaints about uninitialized values.

Maxim Dounin mdounin at mdounin.ru
Fri May 31 02:27:58 UTC 2024


details:   http://freenginx.org/hg/nginx/rev/f53146df9a47
branches:  
changeset: 9278:f53146df9a47
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Fri May 31 04:38:09 2024 +0300
description:
Fixed Valgrind complaints about uninitialized values.

In ngx_http_source_charset(), name->data was left uninitialized, and
only name->len was set.  Since it is used in debug logging, this resulted
in the following complaints from Valgrind on systems with musl libc:

==42== Conditional jump or move depends on uninitialised value(s)
==42==    at 0x12BC66: memcpy (string.h:51)
==42==    by 0x12BC66: ngx_sprintf_str (ngx_string.c:586)
==42==    by 0x12C03C: ngx_vslprintf (ngx_string.c:255)
==42==    by 0x127694: ngx_log_error_core (ngx_log.c:135)
==42==    by 0x1B8795: ngx_http_charset_header_filter (ngx_http_charset_filter_module.c:252)

Similarly, ngx_http_split_args() returned uninitialized arg->data, which
was then copied to r->args, and also used in debug logging:

==42== Conditional jump or move depends on uninitialised value(s)
==42==    at 0x12BC10: memcpy (string.h:50)
==42==    by 0x12BC10: ngx_sprintf_str (ngx_string.c:586)
==42==    by 0x12C03C: ngx_vslprintf (ngx_string.c:255)
==42==    by 0x127694: ngx_log_error_core (ngx_log.c:135)
==42==    by 0x184EFB: ngx_http_internal_redirect (ngx_http_core_module.c:2526)
==42==    by 0x1D8CCC: ngx_http_try_files_handler (ngx_http_try_files_module.c:209)

Fix is to initialize data to NULL.  Note that, while memcpy(p, NULL, 0)
is also formally undefined now, it is used in multiple places in the code,
and expected to be allowed in C2y (see WG14 proposals N3177, N3261,
"Allow zero length operations on null pointers").

Prodded by Valgrind.

diffstat:

 src/http/modules/ngx_http_charset_filter_module.c |  1 +
 src/http/ngx_http_parse.c                         |  1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diffs (22 lines):

diff --git a/src/http/modules/ngx_http_charset_filter_module.c b/src/http/modules/ngx_http_charset_filter_module.c
--- a/src/http/modules/ngx_http_charset_filter_module.c
+++ b/src/http/modules/ngx_http_charset_filter_module.c
@@ -438,6 +438,7 @@ ngx_http_source_charset(ngx_http_request
 
     if (charset == NGX_HTTP_CHARSET_OFF) {
         name->len = 0;
+        name->data = NULL;
         return charset;
     }
 
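Review bot: the added `name->data = NULL;` covers only the NGX_HTTP_CHARSET_OFF path shown here; the other return paths of ngx_http_source_charset() are outside this hunk, so it is worth confirming that every path setting name->len also sets name->data, since the debug log in ngx_http_charset_header_filter formats the string without checking len first. A short comment on this line noting that ngx_sprintf_str will still call memcpy(p, NULL, 0) on this path would make the C2y dependency stated in the description discoverable from the code itself.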
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -2146,6 +2146,7 @@ ngx_http_split_args(ngx_http_request_t *
 
     } else {
         args->len = 0;
+        args->data = NULL;
     }
 }
 
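Review bot: this is the more consequential of the two fixes, because the description says args->data is copied into r->args, so without `args->data = NULL;` the stale pointer outlives the parser and is stored in the request rather than only read by a log line; a comment saying so would help a later reader. Since both Valgrind traces end in ngx_sprintf_str calling memcpy with a zero length, a len == 0 early return there would remove the remaining memcpy(p, NULL, 0) call regardless of what C2y eventually allows.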



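As an added illustration that is not part of this changeset, the following stand-in for ngx_str_t shows the pre-fix path leaving data stale, the fixed path nulling it, and a log-side copy that skips the memcpy entirely when len is 0 so a NULL source never reaches it. All names (str_t, source_charset_before/after, log_copy, junk_survives) are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for nginx's ngx_str_t. */
typedef struct { size_t len; unsigned char *data; } str_t;

/* Before the fix: on the "off" path only len is assigned, so data keeps
 * whatever the caller's memory held. */
static void source_charset_before(str_t *name, int charset_off)
{
    if (charset_off) {
        name->len = 0;                  /* data left as-is */
        return;
    }
    name->len = 5;
    name->data = (unsigned char *) "utf-8";
}

/* After the fix: both fields are defined on every path. */
static void source_charset_after(str_t *name, int charset_off)
{
    if (charset_off) {
        name->len = 0;
        name->data = NULL;              /* the one-line fix */
        return;
    }
    name->len = 5;
    name->data = (unsigned char *) "utf-8";
}

/* Debug-log style copy; returns bytes copied.  Returning early when
 * len == 0 also avoids memcpy(p, NULL, 0), formally undefined before C2y. */
static size_t log_copy(unsigned char *buf, size_t size, const str_t *s)
{
    size_t n = s->len < size ? s->len : size;
    if (n == 0) return 0;
    memcpy(buf, s->data, n);
    return n;
}

/* Seed data with a known junk pointer, run one version on the "off" path,
 * and report whether the junk survived (the stale value Valgrind flagged
 * once memcpy inspected it). */
static int junk_survives(void (*fn)(str_t *, int))
{
    static unsigned char junk;
    str_t name = { 9, &junk };
    fn(&name, 1);
    return name.len == 0 && name.data == &junk;
}
```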
More information about the nginx-devel mailing list