On Apr 29, 2024, at 7:19 AM, Michal Ruprich <michalrupr...@gmail.com> wrote:
> I was wondering whether the mem[BPF_MEMWORDS] array in function
> pcapint_filter_with_aux_data in bpf_filter.c should be initialized? If the
> switch hits cases BPF_LD|BPF_MEM or BPF_LDX|BPF_MEM the variables A or X are
> filled with random uninitialized data from the array. Is it the case that
> this never happens before mem is filled with relevant data?

Only if an invalid BPF program that does a load from a memory location without storing something there first is used as a filter.

The BPF validator in libpcap doesn't check for that. It would require a dataflow analysis, but perhaps it should check for that.

_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org
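
The dataflow check discussed in the reply above could look like the following added sketch, which is not libpcap code and not part of the thread. It relies on classic BPF jumps being forward-only, so a single forward pass is enough, and assumes jump targets were already bounds-checked; `first_uninit_load`, `struct insn`, `MAX_INSNS` and the sample programs are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF encoding values, as in the BPF headers. */
#define BPF_MEMWORDS 16
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
enum { BPF_LD = 0, BPF_LDX = 1, BPF_ST = 2, BPF_STX = 3, BPF_JMP = 5, BPF_RET = 6,
       BPF_MEM = 0x60, BPF_JA = 0x00 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* fields of struct bpf_insn */
#define MAX_INSNS 4096 /* hypothetical cap for this sketch */

/* Forward pass over the program: in[i] is the bitmask of scratch slots stored
 * on every path reaching instruction i. Returns -1 if no load can read an
 * unwritten slot, -2 if the length is unsupported, else the index of the
 * first offending instruction. Unreachable code is not flagged. */
static int first_uninit_load(const struct insn *p, size_t n)
{
    uint16_t in[MAX_INSNS];
    if (n == 0 || n > MAX_INSNS) return -2;
    in[0] = 0;                                     /* nothing stored at entry */
    for (size_t i = 1; i < n; i++) in[i] = 0xffff; /* top: not reached yet */
    for (size_t i = 0; i < n; i++) {
        uint16_t out = in[i];
        int cls = BPF_CLASS(p[i].code);
        size_t s1 = i + 1, s2 = i + 1;             /* successors */
        if ((cls == BPF_LD || cls == BPF_LDX) && BPF_MODE(p[i].code) == BPF_MEM) {
            if (p[i].k >= BPF_MEMWORDS || !(in[i] & (1u << p[i].k))) return (int)i;
        } else if (cls == BPF_ST || cls == BPF_STX) {
            if (p[i].k >= BPF_MEMWORDS) return (int)i;
            out |= (uint16_t)(1u << p[i].k);
        } else if (cls == BPF_RET) {
            continue;                              /* no successors */
        } else if (cls == BPF_JMP) {
            if (BPF_OP(p[i].code) == BPF_JA) s1 = s2 = i + 1 + p[i].k;
            else { s1 = i + 1 + p[i].jt; s2 = i + 1 + p[i].jf; }
        }
        if (s1 < n) in[s1] &= out;                 /* meet = intersection */
        if (s2 < n) in[s2] &= out;
    }
    return -1;
}

/* Constructed sample programs: store-then-load, bare load, store on one branch only. */
static const struct insn ok_prog[] = { {0x02,0,0,0}, {0x60,0,0,0}, {0x06,0,0,0} };
static const struct insn bad_prog[] = { {0x60,0,0,3}, {0x06,0,0,0} };
static const struct insn branch_prog[] = { {0x00,0,0,1}, {0x15,0,1,1}, {0x02,0,0,2},
                                           {0x61,0,0,2}, {0x06,0,0,0} };
int main(void) { return first_uninit_load(branch_prog, 5) == 3 ? 0 : 1; }
```

In `branch_prog` the store to M[2] happens only on the taken branch, so the `LDX M[2]` at index 3 is reported even though one path does initialize the slot.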