hwcaps: dont return an uninitialized hwcap on elf_aux_info failure #466

Open: EylonKrause wants to merge 1 commit into google:main from EylonKrause:fix/freebsd-hwcap-uninit

@EylonKrause

Description

On FreeBSD/OpenBSD, GetElfHwcapFromElfAuxInfo reads the ELF hwcaps via elf_aux_info:

```c
static unsigned long GetElfHwcapFromElfAuxInfo(int hwcap_type) {
  unsigned long hwcap;
  elf_aux_info(hwcap_type, &hwcap, sizeof(hwcap));
  return hwcap;
}
```

hwcap is uninitialized and the elf_aux_info return value is ignored. elf_aux_info only writes *buf on success; when the requested entry is absent it returns non-zero and leaves the buffer untouched. CpuFeatures_GetHardwareCapabilities requests AT_HWCAP2 unconditionally, and AT_HWCAP2 is genuinely absent on some arch/kernel combinations — so on those, this returns an indeterminate stack value, which is then bit-tested for CPU features → non-deterministic false detection.

Fix

Initialize hwcap = 0 and return 0 when elf_aux_info fails, mirroring the Linux getauxval path (which returns 0 when the entry is unavailable).

Testing

FreeBSD/OpenBSD-only path, so not exercised on this Linux host; the fix is a straightforward initialize + return-check (the uninitialized read is clear from the source).

On FreeBSD/OpenBSD, GetElfHwcapFromElfAuxInfo left `hwcap` uninitialized and
ignored the elf_aux_info() return value. elf_aux_info() only writes the output
buffer on success; when the requested entry is absent (e.g. AT_HWCAP2, which
CpuFeatures_GetHardwareCapabilities requests unconditionally, on arch/kernel
combinations that lack it) it returns non-zero and leaves the buffer untouched,
so the function returned an indeterminate stack value that is then bit-tested
for CPU features. Initialize to 0 and return 0 on failure, matching the Linux
getauxval path.
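
Added example (not code from this PR or from the project): the unchecked and checked patterns described above, run side by side against a hypothetical `stub_elf_aux_info` that models an aux vector without AT_HWCAP2. The `EX_*` constants, the stub, and the `stale` parameter (which stands in for the leftover stack contents) are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed for this example; not the real <sys/auxv.h> constants. */
enum { EX_AT_HWCAP = 1, EX_AT_HWCAP2 = 2 };
#define EX_HWCAP_VALUE 0x8aUL        /* constructed AT_HWCAP contents */
#define EX_HWCAP2_FEATURE (1UL << 3) /* hypothetical feature bit */

/* Hypothetical stand-in for elf_aux_info() on a system whose aux vector has
 * AT_HWCAP but no AT_HWCAP2: a miss returns an error and leaves *buf alone. */
static int stub_elf_aux_info(int aux, void *buf, int buflen) {
  const unsigned long value = EX_HWCAP_VALUE;
  if (buflen != (int)sizeof(value)) return EINVAL;
  if (aux != EX_AT_HWCAP) return ENOENT;
  memcpy(buf, &value, sizeof(value));
  return 0;
}

/* "Before" pattern. `stale` models the leftover stack contents explicitly so
 * the example itself has no undefined behaviour. */
static unsigned long hwcap_unchecked(int type, unsigned long stale) {
  unsigned long hwcap = stale;
  stub_elf_aux_info(type, &hwcap, (int)sizeof(hwcap)); /* result ignored */
  return hwcap;
}

/* "After" pattern: zero-initialize and treat any failure as "no caps". */
static unsigned long hwcap_checked(int type) {
  unsigned long hwcap = 0;
  if (stub_elf_aux_info(type, &hwcap, (int)sizeof(hwcap)) != 0) return 0;
  return hwcap;
}

/* The bit test a feature detector would apply to the returned word. */
static int has_feature(unsigned long hwcap) {
  return (hwcap & EX_HWCAP2_FEATURE) != 0;
}

int main(void) {
  const unsigned long stale[] = {0x0UL, 0xdeadbeefUL, 0xfff7UL};
  for (size_t i = 0; i < sizeof(stale) / sizeof(stale[0]); i++) {
    printf("stale=%#lx unchecked=%d checked=%d\n", stale[i],
           has_feature(hwcap_unchecked(EX_AT_HWCAP2, stale[i])),
           has_feature(hwcap_checked(EX_AT_HWCAP2)));
  }
  return 0;
}
```

With the unchecked pattern the reported feature follows whatever the stale word holds; with the checked pattern a missing entry always yields 0.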