From 9777751e90b3dee5760e09a9aba36ed017cb2ad9 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 18 Mar 2021 16:28:54 +0100
Subject: [PATCH] bpf: fix uninitialized value usage

it was reported by clang with the option -fsanitize=memory:

Uninitialized bytes in MemcmpInterceptorCommon at offset 0 inside [0x7070000002a0, 56)
==3791089==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x482a2c in memcmp (fuzzer+0x482a2c)
    #1 0x7fed2f120ebb in _hsh_add src/libseccomp/src/gen_bpf.c:598:9
    #2 0x7fed2f121715 in _gen_bpf_action_hsh src/libseccomp/src/gen_bpf.c:796:6
    #3 0x7fed2f121a53 in _gen_bpf_node src/libseccomp/src/gen_bpf.c:831:11
    #4 0x7fed2f121a53 in _gen_bpf_chain.isra.0 src/libseccomp/src/gen_bpf.c:1072:13
    #5 0x7fed2f121f16 in _gen_bpf_chain_lvl_res src/libseccomp/src/gen_bpf.c:977:12
    #6 0x7fed2f121c74 in _gen_bpf_chain.isra.0 src/libseccomp/src/gen_bpf.c:1124:12
    #7 0x7fed2f12253c in _gen_bpf_syscall src/libseccomp/src/gen_bpf.c:1520:10
    #8 0x7fed2f12253c in _gen_bpf_syscalls src/libseccomp/src/gen_bpf.c:1615:18
    #9 0x7fed2f12253c in _gen_bpf_arch src/libseccomp/src/gen_bpf.c:1683:7
    #10 0x7fed2f12253c in _gen_bpf_build_bpf src/libseccomp/src/gen_bpf.c:2056:11
    #11 0x7fed2f12253c in gen_bpf_generate src/libseccomp/src/gen_bpf.c:2321:7
    #12 0x7fed2f11f41c in seccomp_export_bpf src/libseccomp/src/api.c:724:7

Uninitialized value was created by a heap allocation
    #0 0x4547ef in realloc (fuzzer+0x4547ef)
    #1 0x7fed2f121244 in _blk_resize src/libseccomp/src/gen_bpf.c:362:8
    #2 0x7fed2f121244 in _blk_append src/libseccomp/src/gen_bpf.c:394:6

Signed-off-by: Giuseppe Scrivano
---
 src/gen_bpf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gen_bpf.c b/src/gen_bpf.c
index 6961d09f..3787b7b0 100644
--- a/src/gen_bpf.c
+++ b/src/gen_bpf.c
@@ -364,6 +364,7 @@ static struct bpf_blk *_blk_resize(struct bpf_state *state,
 		_blk_free(state, blk);
 		return NULL;
 	}
+	memset(&new[blk->blk_cnt], 0, (blk->blk_alloc - blk->blk_cnt) * sizeof(*new));
 	blk->blks = new;
 	return blk;
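Review bot: The length passed to the added memset, `blk->blk_alloc - blk->blk_cnt`, only covers the grown tail if `blk_alloc` already holds the post-realloc capacity on this line; the hunk does not show where `blk_alloc` is updated, and if that happens after this point (and the resize path is only entered once `blk_cnt` has reached `blk_alloc`, which the visible context cannot confirm), the length is zero and the MemorySanitizer finding in `_hsh_add` is not actually cured. Deriving the range from the sizes used in the realloc call instead of from `blk_cnt` removes that ordering dependency, e.g. `memset(&new[OLD_ALLOC], 0, (NEW_ALLOC - OLD_ALLOC) * sizeof(*new));` where OLD_ALLOC and NEW_ALLOC are placeholders for the pre- and post-growth element counts. The line also deserves a why-comment, since the reader otherwise sees a zeroing of memory that is never read here: `/* _hsh_add() memcmp()s whole blocks, so the unused tail must not hold realloc garbage */`. `_blk_resize`'s body starts before this hunk, so the guard and the capacity update are out of view.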
@@ -452,6 +453,7 @@ static int _bpf_append_blk(struct bpf_program *prg, const struct bpf_blk *blk)
 		goto bpf_append_blk_failure;
 	}
 	prg->blks = i_new;
+	memset(&i_new[prg->blk_cnt - blk->blk_cnt], 0, blk->blk_cnt * sizeof(*(i_new)));
 	/* transfer and translate the blocks to raw instructions */
 	for (iter = 0; iter < blk->blk_cnt; iter++) {
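Review bot: The memset added after `prg->blks = i_new;` zeroes exactly the `blk->blk_cnt` slots that the loop directly below fills ("transfer and translate the blocks to raw instructions"), so it is either redundant or it is clearing struct fields or padding of the raw instruction that the loop leaves unset; the code should say which, for instance `/* clear the appended slots first: the copy below sets the instruction fields but not any padding */` if that is the intent, and otherwise the line can go. The start index `prg->blk_cnt - blk->blk_cnt` also assumes `prg->blk_cnt` has already been grown by `blk->blk_cnt` before the realloc; that happens outside the hunk, and if it has not, the memset wipes the last `blk_cnt` in-use entries instead of the new tail. `_bpf_append_blk` begins and ends outside this hunk, so neither assumption can be checked from here.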