global_globber_region_function/line ought to be recorded before

clobbering the region, just in case clobbering causes us to crash
immediately.  (That might happen if we just shot ourselves in the
stack and strcpy was not inlined.)

Also, in DEVELOPER mode and when Valgrind is available, mark the
clobbered region as uninitialized.  This is an even stronger
protection than clobbering with 0xf1.
(This used to be commit 5653a42ae695f4b8f4c14d3184ca76523d38b51b)

1 files changed, 15 insertions, 3 deletions

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 7643c2807e..b734452867 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -424,15 +424,27 @@ size_t count_chars(const char *s,char c)
  *
  * This is meant to catch possible string overflows, even if the
  * actual string copied is not big enough to cause an overflow.
+ *
+ * In addition, under Valgrind the buffer is marked as uninitialized.
  **/
 void clobber_region(const char *fn, unsigned int line, char *dest, size_t len)
 {
 #ifdef DEVELOPER
-	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
-	memset(dest, 0xF1, len);
 	global_clobber_region_function = fn;
 	global_clobber_region_line = line;
-#endif
+
+	/* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */
+	memset(dest, 0xF1, len);
+#ifdef VALGRIND
+	/* Even though we just wrote to this, from the application's
+	 * point of view it is not initialized.
+	 *
+	 * (This is not redundant with the clobbering above.  The
+	 * marking might not actually take effect if we're not running
+	 * under valgrind or not with --client-perms.) */
+	VALGRIND_MAKE_WRITABLE(dest, len);
+#endif /* VALGRIND */
+#endif /* DEVELOPER */
 }