ros / ros_comm

ROS communications-related packages, including core client libraries (roscpp, rospy, roslisp) and graph introspection tools (rostopic, rosnode, rosservice, rosparam).
http://wiki.ros.org/ros_comm

Code in TransportTCP::getClientURI depends on uninitialized value #2251

Open roversch opened 2 years ago

roversch commented 2 years ago

I'm on noetic, version is 1.15.14-1focal.20220106.235155

valgrind is reporting usage of uninitialized memory in the following line in TransportTCP::getClientURI():

  switch (sas.ss_family)

Indeed, the ss_family is never set (IPv4 or IPv6).

A possible solution could use getaddrinfo.

Valgrind log:

==1146017== Thread 2:
==1146017== Conditional jump or move depends on uninitialised value(s)
==1146017==    at 0x4CAF25F: ros::TransportTCP::getClientURI[abi:cxx11]() (transport_tcp.cpp:783)
==1146017==    by 0x4CAFB17: ros::TransportTCP::initializeSocket() (transport_tcp.cpp:116)
==1146017==    by 0x4CB2225: ros::TransportTCP::accept() (transport_tcp.cpp:681)
==1146017==    by 0x4CB4EBF: ros::TransportTCP::socketUpdate(int) (transport_tcp.cpp:712)
==1146017==    by 0x4CE8F66: operator() (function_template.hpp:763)
==1146017==    by 0x4CE8F66: ros::PollSet::update(int) (poll_set.cpp:255)
==1146017==    by 0x4C7ADBC: ros::PollManager::threadFunc() (poll_manager.cpp:88)
==1146017==    by 0x5A7343A: thread_proxy (thread.cpp:179)
==1146017==    by 0x4DAE608: start_thread (pthread_create.c:477)
==1146017==    by 0x50E7132: clone (clone.S:95)
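
A defensive form of the `switch (sas.ss_family)` read that valgrind flags in the report above, written as an added example and not taken from ros_comm. It assumes the address is filled in by `getpeername()`; the function name `peerURI` and its empty-string error convention are hypothetical.

```cpp
// Added example, not ros_comm code. peerURI() and its ""-on-failure
// convention are hypothetical names chosen for this illustration.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdio>
#include <string>

// Returns "host:port" ("[host]:port" for IPv6) for a connected socket,
// or "" when the peer address is unavailable or not an IP address.
std::string peerURI(int fd)
{
  sockaddr_storage sas{};  // zeroed, so ss_family never holds stack garbage
  socklen_t len = sizeof(sas);

  // Assumption: the address is obtained with getpeername(). A failed call
  // is not required to write sas, so the result is checked before any read.
  if (getpeername(fd, reinterpret_cast<sockaddr*>(&sas), &len) != 0)
    return "";

  char host[INET6_ADDRSTRLEN] = {0};
  switch (sas.ss_family)
  {
    case AF_INET: {
      const sockaddr_in* a = reinterpret_cast<const sockaddr_in*>(&sas);
      if (!inet_ntop(AF_INET, &a->sin_addr, host, sizeof(host))) return "";
      return std::string(host) + ":" + std::to_string(ntohs(a->sin_port));
    }
    case AF_INET6: {
      const sockaddr_in6* a = reinterpret_cast<const sockaddr_in6*>(&sas);
      if (!inet_ntop(AF_INET6, &a->sin6_addr, host, sizeof(host))) return "";
      return "[" + std::string(host) + "]:" + std::to_string(ntohs(a->sin6_port));
    }
    default:  // AF_UNSPEC, AF_UNIX, ...: no IP peer to report
      break;
  }
  return "";
}

int main()
{
  int s = socket(AF_INET, SOCK_STREAM, 0);  // never connected: ENOTCONN
  std::printf("unconnected peer: \"%s\"\n", peerURI(s).c_str());
  if (s >= 0) close(s);
  return 0;
}
```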