
libqmi-glib,compat: fix invalid memory read on slot EID loading

This issue affects ModemManager 1.18 running against libqmi from the git main branch.

  ==87057== Invalid read of size 4
  ==87057==    at 0x5017285: g_array_maybe_expand (garray.c:988)
  ==87057==    by 0x50176EF: g_array_append_vals (garray.c:528)
  ==87057==    by 0x4A5ECF6: qmi_message_uim_get_slot_status_output_get_slot_eid_information (qmi-compat.c:2410)
  ==87057==    by 0x2028AC: uim_get_slot_status_ready (mm-shared-qmi.c:3268)
  ==87057==    by 0x4E6BD63: g_task_return_now (gtask.c:1232)
  ==87057==    by 0x4E6FA1C: UnknownInlinedFun (gtask.c:1301)
  ==87057==    by 0x4E6FA1C: g_task_return (gtask.c:1258)
  ==87057==    by 0x4B65956: get_slot_status_ready (qmi-uim.c:22339)
  ==87057==    by 0x4E58522: g_simple_async_result_complete (gsimpleasyncresult.c:804)
  ==87057==    by 0x4E585AD: complete_in_idle_cb (gsimpleasyncresult.c:816)
  ==87057==    by 0x504A81A: UnknownInlinedFun (gmain.c:3444)
  ==87057==    by 0x504A81A: g_main_context_dispatch (gmain.c:4162)
  ==87057==    by 0x50A0EC8: g_main_context_iterate.constprop.0 (gmain.c:4238)
  ==87057==    by 0x5049D7E: g_main_loop_run (gmain.c:4438)
  ==87057==  Address 0x9058870 is 16 bytes inside a block of size 40 free'd
  ==87057==    at 0x484426F: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==87057==    by 0x5014405: array_free (garray.c:486)
  ==87057==    by 0x4A5ECB7: message_uim_get_slot_status_output_clear_slot_eid_information (qmi-compat.c:2358)
  ==87057==    by 0x4A5ECB7: qmi_message_uim_get_slot_status_output_get_slot_eid_information (qmi-compat.c:2402)
  ==87057==    by 0x2028AC: uim_get_slot_status_ready (mm-shared-qmi.c:3268)
  ==87057==    by 0x4E6BD63: g_task_return_now (gtask.c:1232)
  ==87057==    by 0x4E6FA1C: UnknownInlinedFun (gtask.c:1301)
  ==87057==    by 0x4E6FA1C: g_task_return (gtask.c:1258)
  ==87057==    by 0x4B65956: get_slot_status_ready (qmi-uim.c:22339)
  ==87057==    by 0x4E58522: g_simple_async_result_complete (gsimpleasyncresult.c:804)
  ==87057==    by 0x4E585AD: complete_in_idle_cb (gsimpleasyncresult.c:816)
  ==87057==    by 0x504A81A: UnknownInlinedFun (gmain.c:3444)
  ==87057==    by 0x504A81A: g_main_context_dispatch (gmain.c:4162)
  ==87057==    by 0x50A0EC8: g_main_context_iterate.constprop.0 (gmain.c:4238)
  ==87057==    by 0x5049D7E: g_main_loop_run (gmain.c:4438)
  ==87057==  Block was alloc'd at
  ==87057==    at 0x4841888: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==87057==    by 0x50482C9: g_malloc (gmem.c:130)
  ==87057==    by 0x506AD17: g_slice_alloc (gslice.c:1074)
  ==87057==    by 0x5017435: g_array_sized_new (garray.c:273)
  ==87057==    by 0x4A5EC7D: qmi_message_uim_get_slot_status_output_get_slot_eid_information (qmi-compat.c:2399)
  ==87057==    by 0x2028AC: uim_get_slot_status_ready (mm-shared-qmi.c:3268)
  ==87057==    by 0x4E6BD63: g_task_return_now (gtask.c:1232)
  ==87057==    by 0x4E6FA1C: UnknownInlinedFun (gtask.c:1301)
  ==87057==    by 0x4E6FA1C: g_task_return (gtask.c:1258)
  ==87057==    by 0x4B65956: get_slot_status_ready (qmi-uim.c:22339)
  ==87057==    by 0x4E58522: g_simple_async_result_complete (gsimpleasyncresult.c:804)
  ==87057==    by 0x4E585AD: complete_in_idle_cb (gsimpleasyncresult.c:816)
  ==87057==    by 0x504A81A: UnknownInlinedFun (gmain.c:3444)
  ==87057==    by 0x504A81A: g_main_context_dispatch (gmain.c:4162)
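The trace above shows the accessor allocate the array (qmi-compat.c:2399), free it through the clear helper (qmi-compat.c:2358, called from 2402) and then append into it (qmi-compat.c:2410). The block below is an added illustration of that ordering bug and one possible correction, not libqmi's code or its actual fix; the Array stand-in, the Output type and the eid_cache field are assumed names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Tiny stand-in for GArray: a header (len/alloc) plus a heap buffer. */
typedef struct { uint8_t *data; unsigned len; unsigned alloc; } Array;

Array *array_sized_new(unsigned reserve) {
    Array *a = calloc(1, sizeof *a);
    if (!a) return NULL;
    a->data = malloc(reserve ? reserve : 1);
    a->alloc = reserve;
    return a;
}

void array_free(Array *a) { if (a) { free(a->data); free(a); } }

/* Like g_array_append_vals: reads a->len first; that is the trace's "invalid read of size 4" once a is freed. */
void array_append(Array *a, const uint8_t *src, unsigned n) {
    if (a->len + n > a->alloc) {
        a->alloc = (a->len + n) * 2;
        a->data = realloc(a->data, a->alloc);
    }
    memcpy(a->data + a->len, src, n);
    a->len += n;
}

/* Output message with a lazily built, cached EID array (hypothetical field name). */
typedef struct { Array *eid_cache; } Output;

void clear_eid_cache(Output *o) { array_free(o->eid_cache); o->eid_cache = NULL; }

/* Buggy order matching the trace: store the new array, clear the cache (freeing that
 * same array), then append into it. Shown for comparison only; never called. */
Array *get_eid_buggy(Output *o, const uint8_t *eid, unsigned n) {
    Array *a = array_sized_new(n);
    o->eid_cache = a;
    clear_eid_cache(o);       /* frees a */
    array_append(a, eid, n);  /* use after free */
    return a;
}

/* Fixed order: discard any stale cache first, then build, fill and store the new one. */
Array *get_eid_fixed(Output *o, const uint8_t *eid, unsigned n) {
    clear_eid_cache(o);
    Array *a = array_sized_new(n);
    if (!a) return NULL;
    array_append(a, eid, n);
    o->eid_cache = a;
    return a;
}
```

Building with -fsanitize=address reports the buggy variant's append as a heap-use-after-free, the ASan counterpart of the valgrind report above.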
Edited by Aleksander Morgado