From bb6e59459fcb224bcefd26ed8a571a69ebe180d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?=
Date: Sun, 21 Jul 2024 01:03:34 +0200
Subject: [PATCH] slurp_battery_info: Fix reading uninitialised memory

Fixes valgrind-found bug of the `for (walk = buf, ...` loop reading all of `buf` even though `buf` is null-terminated string (an only partly initialised char array). valgrind ./i3status -c ../etc/i3status.conf --run-once Conditional jump or move depends on uninitialised value(s) at 0x40F15A: slurp_battery_info (print_battery_info.c:164) by 0x40FA07: slurp_all_batteries (print_battery_info.c:558) by 0x40FCA6: print_battery_info (print_battery_info.c:612) by 0x409CA2: main (i3status.c:753)
---
 src/general.c | 3 ++-
 src/print_battery_info.c | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/general.c b/src/general.c
index 6036b695..5fbb668c 100644
--- a/src/general.c
+++ b/src/general.c
@@ -19,7 +19,8 @@
 }
 /*
- * Reads size bytes into the destination buffer from filename.
+ * Reads (size - 1) bytes into the destination buffer from filename,
+ * and null-terminate it.
 *
 * On success, true is returned. Otherwise, false is returned and the content
 * of destination is left untouched.
diff --git a/src/print_battery_info.c b/src/print_battery_info.c
index 8864978b..4699c5e0 100644
--- a/src/print_battery_info.c
+++ b/src/print_battery_info.c
@@ -155,12 +155,15 @@ static bool slurp_battery_info(battery_info_ctx_t *ctx, struct battery_info *bat
 sprintf(batpath, path, number);
 INSTANCE(batpath);
- if (!slurp(batpath, buf, sizeof(buf))) {
+ if (!slurp(batpath, buf, sizeof(buf))) { // `slurp()` null-terminates `buf`
 OUTPUT_FULL_TEXT(format_down);
 return false;
 }
 for (walk = buf, last = buf; (walk - buf) < 1024; walk++) {
+ if (*walk == '\0') // `*walk` (slice of `buf`) is only initialised until `null` written by `slurp()`
+ break;
+
 if (*walk == '\n') {
 last = walk + 1;
 continue;
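Review bot: The reworded comment in src/general.c states that the function reads `(size - 1)` bytes, but the valgrind report in the commit message shows the buffer was only partly filled, so that figure is evidently an upper bound rather than the amount read. Since slurp_battery_info now depends on where the terminator lands, the contract should say so explicitly, for example `* Reads at most (size - 1) bytes from filename into the destination buffer` followed by `* and null-terminates it directly after the last byte read.` The function body is outside the hunk, so the terminator placement (including the zero-byte read case) should be confirmed against the implementation before the comment is tightened.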
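Review bot: The loop in slurp_battery_info still bounds the walk with the literal `1024`, while the `slurp()` call two statements earlier uses `sizeof(buf)`. With the new NUL check as the primary stop, that literal is the only backstop if the terminator is ever missing, and it would silently go out of step if the buffer size changes. Deriving it from the array keeps the two in sync: `for (walk = buf, last = buf; (size_t)(walk - buf) < sizeof(buf); walk++) {`. As a style point, the added `if` is unbraced with a long trailing comment; `if (*walk == '\0') {` with the comment on its own line above, and "NUL terminator" instead of "`null`", would read more clearly. The declaration of `buf` and the rest of the loop body are outside the hunk, so the array size is inferred from the `sizeof(buf)` call rather than seen.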