From 2d4b9accda56a78a6741e253967909590c0e7198 Mon Sep 17 00:00:00 2001
From: dv
Date: Sat, 10 Feb 2024 12:31:16 +0000
Subject: [PATCH] Prevent use of uninitialized byte in vmd's mmio decoder.

The mmio code isn't wired in, but if the ModRM decode fails, byte may be used with an uninitialized value. Properly return an error, but initialize the byte variable as well. Found by smatch, reported by and ok jsg@.
---
 usr.sbin/vmd/mmio.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/vmd/mmio.c b/usr.sbin/vmd/mmio.c
index 2de5dcefa3a..c5a189d5b85 100644
--- a/usr.sbin/vmd/mmio.c
+++ b/usr.sbin/vmd/mmio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mmio.c,v 1.2 2022/12/28 21:30:19 jmc Exp $ */
+/* $OpenBSD: mmio.c,v 1.3 2024/02/10 12:31:16 dv Exp $ */
 /*
  * Copyright (c) 2022 Dave Voutila
@@ -473,7 +473,7 @@ static enum decode_result
 decode_modrm(struct x86_decode_state *state, struct x86_insn *insn)
 {
 	enum decode_result res;
-	uint8_t byte;
+	uint8_t byte = 0;
 
 	if (!is_valid_state(state, __func__) || insn == NULL)
 		return (DECODE_ERROR);
@@ -486,8 +486,10 @@ decode_modrm(struct x86_decode_state *state, struct x86_insn *insn)
 	case OP_ENC_RM:
 	case OP_ENC_MI:
 		res = next_byte(state, &byte);
-		if (res == DECODE_ERROR)
+		if (res == DECODE_ERROR) {
 			log_warnx("%s: failed to get modrm byte", __func__);
+			break;
+		}
 		insn->insn_modrm = byte;
 		insn->insn_modrm_valid = 1;
 		break;
-- 
2.20.1
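Review bot: The `= 0` initializer on `byte` deserves a comment, because on its own it would turn a failed `next_byte()` into a silently decoded ModRM of 0x00 rather than an error; the real fix is the `break` added in the later hunk, and the initializer is only there to keep a static analyzer and any future path that copies `byte` from reading an indeterminate value. I would write `uint8_t byte = 0;	/* defensive only; a failed next_byte() must not reach insn_modrm (see OP_ENC_RM/MI) */`. The enclosing decode_modrm() body continues outside this hunk.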
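Review bot: The new `break;` leaves the switch with `res == DECODE_ERROR` and `insn_modrm_valid` still 0, but whether that error actually reaches the caller depends on what runs after the switch, which is outside the hunk; the commit message says "properly return an error", so it is worth confirming nothing between the switch and the final return overwrites `res` or consumes `insn_modrm` unconditionally. A one-line comment would make the contract explicit at the error site: `/* leave insn_modrm_valid == 0; res carries DECODE_ERROR to the caller */` above the `break;`. The same error-path pattern presumably applies to the other OP_ENC_* cases of this switch, which are not visible here.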