bgpd: When creating extra from stack ensure it is zero'ed out

BGP code assumes that the extra data is zero'ed out. Ensure that we are not leaving any situation that the data on the stack is actually all 0's when we pass it around as a pointer later. Please note in issue FRRouting#5025, Lou reported a different valgrind issue, which is not the same issue: ==7313== Conditional jump or move depends on uninitialised value(s) ==7313== at 0x181F9F: subgroup_announce_check (bgp_route.c:1555) ==7313== by 0x1A112B: subgroup_announce_table (bgp_updgrp_adv.c:641) ==7313== by 0x1A1340: subgroup_announce_route (bgp_updgrp_adv.c:704) ==7313== by 0x1A13E3: subgroup_coalesce_timer (bgp_updgrp_adv.c:331) ==7313== by 0x4EBA615: thread_call (thread.c:1531) ==7313== by 0x4E8AC37: frr_run (libfrr.c:1052) ==7313== by 0x1429E0: main (bgp_main.c:486) ==7313== ==7313== Conditional jump or move depends on uninitialised value(s) ==7313== at 0x201C0E: rfapi_vty_out_vncinfo (rfapi_vty.c:429) ==7313== by 0x18D0D6: route_vty_out (bgp_route.c:7481) ==7313== by 0x18DD76: bgp_show_table (bgp_route.c:9365) ==7313== by 0x1930C4: bgp_show_table_rd (bgp_route.c:9471) ==7313== by 0x1932A3: bgp_show (bgp_route.c:9510) ==7313== by 0x193E68: show_ip_bgp_json (bgp_route.c:10284) ==7313== by 0x4E6D024: cmd_execute_command_real.isra.2 (command.c:1072) ==7313== by 0x4E6F51E: cmd_execute_command (command.c:1131) ==7313== by 0x4E6F686: cmd_execute (command.c:1285) ==7313== by 0x4EBF9C4: vty_command (vty.c:516) ==7313== by 0x4EBFB9F: vty_execute (vty.c:1285) ==7313== by 0x4EC250F: vtysh_read (vty.c:2119) ==7313== that is causing the actual crash. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
SumitAgarwal123 · Nov 19, 2019 · 32ba06f · 32ba06f
1 parent 335f7e6
commit 32ba06f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
@@ -1785,9 +1785,9 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_path_info *pi,
 
 	/* Route map & unsuppress-map apply. */
 	if (ROUTE_MAP_OUT_NAME(filter) || (pi->extra && pi->extra->suppress)) {
-		struct bgp_path_info rmap_path;
-		struct bgp_path_info_extra dummy_rmap_path_extra;
-		struct attr dummy_attr;
+		struct bgp_path_info rmap_path = {0};
+		struct bgp_path_info_extra dummy_rmap_path_extra = {0};
+		struct attr dummy_attr = {0};
 
 		memset(&rmap_path, 0, sizeof(struct bgp_path_info));
 		rmap_path.peer = peer;

diff --git a/bgpd/rfapi/rfapi_import.c b/bgpd/rfapi/rfapi_import.c
@@ -2179,8 +2179,8 @@ static struct bgp_path_info *rfapiItBiIndexSearch(
 {
 	struct skiplist *sl;
 	int rc;
-	struct bgp_path_info bpi_fake;
-	struct bgp_path_info_extra bpi_extra;
+	struct bgp_path_info bpi_fake = {0};
+	struct bgp_path_info_extra bpi_extra = {0};
 	struct bgp_path_info *bpi_result;
 
 	sl = RFAPI_RDINDEX(rn);