From fd98239a8beb83a3b3f61513860edb69123828d8 Mon Sep 17 00:00:00 2001
From: Stewart Smith
Date: Tue, 15 Dec 2015 22:51:41 +1100
Subject: fpart/libffs doesn't initialize reserved FFS header to 0

When running the fpart test suite under valgrind, you can see that it writes uninitialized data to disk (pnor) in the very first test:

./fpart/fpart --target /tmp/create.nor --size 64MiB --block 64kb \
  --partition-offset 0x7f0000 --create

This is because libffs.c doesn't properly initialize the reserved area. Thus, it could contain any old crap sitting around in memory, essentially making the reserved fields useless. Somebody will need to audit *EVERY* libffs created thing in the wild before ever using that reserved space.

==8261== Syscall param write(buf) points to uninitialised byte(s)
==8261==    at 0x4F27C20: __write_nocancel (syscall-template.S:84)
==8261==    by 0x4EAE1DE: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1263)
==8261==    by 0x4EAF978: new_do_write (fileops.c:518)
==8261==    by 0x4EAF978: _IO_do_write@@GLIBC_2.2.5 (fileops.c:494)
==8261==    by 0x4EAD9DF: _IO_file_sync@@GLIBC_2.2.5 (fileops.c:874)
==8261==    by 0x4EA2FEE: fflush (iofflush.c:41)
==8261==    by 0x406D31: ffs_flush (libffs.c:635)
==8261==    by 0x408304: __ffs_fclose (libffs.c:718)
==8261==    by 0x4032D9: __cleanup_ffs (cmd_create.c:108)
==8261==    by 0x4032D9: create.5128 (cmd_create.c:108)
==8261==    by 0x4056D2: command (command.c:229)
==8261==    by 0x403400: command_create (cmd_create.c:118)
==8261==    by 0x4018F8: process_args (main.c:431)
==8261==    by 0x4018F8: main (main.c:565)
==8261==  Address 0x402201c is in a rw- anonymous segment

Fixes: https://github.com/open-power/ffs/issues/11
Signed-off-by: Stewart Smith
---
 ffs/src/libffs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ffs/src/libffs.c b/ffs/src/libffs.c
index 7518651..96ba32c 100644
--- a/ffs/src/libffs.c
+++ b/ffs/src/libffs.c
@@ -487,6 +487,10 @@ ffs_t *__ffs_fcreate(FILE *file, off_t offset, uint32_t block_size, self->hdr->block_size = block_size; self->hdr->block_count = block_count; self->hdr->checksum = 0; + self->hdr->resvd[0] = 0; + self->hdr->resvd[1] = 0; + self->hdr->resvd[2] = 0; + self->hdr->resvd[3] = 0; size_t size = self->count * self->hdr->entry_size; -- cgit v1.2.1
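Review bot: the four per-element stores on resvd[] in __ffs_fcreate hard-code the array length, so if resvd ever grows the new element is silently left uninitialised again, which is exactly the bug being fixed. Prefer `memset(self->hdr->resvd, 0, sizeof(self->hdr->resvd));`, or better still zero the whole header once at allocation (calloc, or `memset(self->hdr, 0, sizeof(*self->hdr));`) before the block_size/block_count/checksum assignments, which also covers any padding in the struct that the flush path in the valgrind trace would otherwise write to the image. This change only affects the create path; as the commit message itself notes, images already written carry garbage in resvd, so any later reader that wants to use the reserved space must treat non-zero reserved bytes as untrusted rather than as data, and that expectation deserves a comment next to the field.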
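The failure mode the commit message describes, shown as an added example that is not code from the ffs project or from this commit: a header is allocated, only the known fields are set, and the raw struct is written out, so the reserved words carry whatever the allocator left behind. The `struct ffs_hdr` layout, the `dirty_alloc()` stand-in for stale heap contents and the `hdr_*` helpers are all assumptions made for illustration; only the field names are borrowed from the hunk. The last helper is the audit check the commit message says somebody will need for images already in the wild.

```c
/* Added example, not part of libffs or this commit.  The struct layout
 * below is an assumption; it only borrows field names visible in the
 * hunk.  It models: (1) the buggy create path that leaves resvd[]
 * uninitialised, (2) the hardened form that zeroes the whole object, and
 * (3) an audit check for reserved bytes in already-written images. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RESVD_WORDS 4   /* resvd[0..3] as in the hunk; assumption */

struct ffs_hdr {        /* hypothetical layout, not libffs's real one */
    uint32_t block_size;
    uint32_t block_count;
    uint32_t entry_size;
    uint32_t checksum;
    uint32_t resvd[RESVD_WORDS];
};

/* Stand-in for "whatever was in memory before": fill the allocation with
 * a recognisable pattern so the leak is deterministic instead of relying
 * on malloc() happening to hand back stale data. */
static void *dirty_alloc(size_t n)
{
    unsigned char *p = malloc(n);
    if (p)
        memset(p, 0xA5, n);
    return p;
}

/* Buggy pattern: set the known fields, never touch resvd[]. */
struct ffs_hdr *hdr_create_buggy(uint32_t block_size, uint32_t block_count)
{
    struct ffs_hdr *h = dirty_alloc(sizeof *h);
    if (!h)
        return NULL;
    h->block_size = block_size;
    h->block_count = block_count;
    h->entry_size = 0;
    h->checksum = 0;
    /* resvd[] still holds 0xA5A5A5A5 and will be written to the image */
    return h;
}

/* Hardened pattern: zero the whole object first, then set fields.  A
 * whole-struct memset (or calloc) also covers padding and any field added
 * later, which per-element stores such as resvd[0] = 0 do not. */
struct ffs_hdr *hdr_create_fixed(uint32_t block_size, uint32_t block_count)
{
    struct ffs_hdr *h = dirty_alloc(sizeof *h);
    if (!h)
        return NULL;
    memset(h, 0, sizeof *h);
    h->block_size = block_size;
    h->block_count = block_count;
    return h;
}

/* Serialise a header the way a raw fwrite() of the struct would. */
size_t hdr_serialise(const struct ffs_hdr *h, unsigned char *buf, size_t len)
{
    if (len < sizeof *h)
        return 0;
    memcpy(buf, h, sizeof *h);
    return sizeof *h;
}

/* Audit check for existing images: number of non-zero bytes in the
 * reserved area of a serialised header, or (size_t)-1 if the buffer is
 * too short to hold a header.  Anything non-zero means the field carries
 * leftover memory, not data, and must not be interpreted. */
size_t hdr_count_dirty_resvd(const unsigned char *raw, size_t len)
{
    size_t off = offsetof(struct ffs_hdr, resvd);
    size_t dirty = 0;
    if (len < sizeof(struct ffs_hdr))
        return (size_t)-1;
    for (size_t i = 0; i < sizeof(uint32_t) * RESVD_WORDS; i++)
        dirty += raw[off + i] != 0;
    return dirty;
}

int main(void)
{
    unsigned char buf[sizeof(struct ffs_hdr)];
    struct ffs_hdr *b = hdr_create_buggy(0x10000, 1024);
    struct ffs_hdr *f = hdr_create_fixed(0x10000, 1024);
    if (!b || !f)
        return 1;
    hdr_serialise(b, buf, sizeof buf);
    printf("buggy: %zu dirty reserved bytes\n", hdr_count_dirty_resvd(buf, sizeof buf));
    hdr_serialise(f, buf, sizeof buf);
    printf("fixed: %zu dirty reserved bytes\n", hdr_count_dirty_resvd(buf, sizeof buf));
    free(b);
    free(f);
    return 0;
}
```

Running the buggy path under valgrind would reproduce the "points to uninitialised byte(s)" report from the commit message if `dirty_alloc()` were replaced by a plain `malloc()`; the 0xA5 fill is there only so the leak is visible without valgrind. The audit helper is what a reader would run over every existing image before the project can ever assign meaning to the reserved words.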