Uninitialized read of "errno" in handle_event() in src/modules/stdin-util.c
There is potentially possibility of uninitialized read of "errno" in handle_event() in src/modules/stdin-util.c
The function handle_event() tests errno if read_byte fails (returns -1):
...
if ((opcode = read_byte(u)) < 0) {
if (errno == EINTR || errno == EAGAIN)
break;
...
The problem with above is that read_byte() can fail (return -1) without any guarantee that 'errno' was actually set.
The uninitialized 'errno' read can occur on EOF.
The call flow looks like:
-> read_byte()
-> fill_buf()
-> pa_read()
-> read()
- reads 0 bytes, EOF
<- read() returns 0
<- pa_read() return 0
- fill_buf thinks it's a failure when read returned 0 bytes
<- fill_buf() returns -1 [1]
<- read_byte() returns -1
The 'errno' is neither initialized by read() which returned 0, nor pa_read(), nor other function in the above flow.
The function handle_event() may get -1 from read_byte() and think that the call failed. Subsequently handle_event() reads 'errno', but it might read 'errno' of completely different / unrelated failure in one of previous calls to *libc.
To fix it, one can e.g. set 'errno' to 0 either in fill_buf() before pa_read() is called or in pa_read() itself before read() is called.