From sheldonh@axl.training.iafrica.com  Tue Sep  1 11:06:25 1998
Received: from axl.training.iafrica.com (axl.training.iafrica.com [196.31.1.175])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA25490
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 1 Sep 1998 11:06:18 -0700 (PDT)
          (envelope-from sheldonh@axl.training.iafrica.com)
Received: from sheldonh by axl.training.iafrica.com with local (Exim 1.92 #1)
	for FreeBSD-gnats-submit@freebsd.org
	id 0zDukg-0004Fm-00; Tue, 1 Sep 1998 20:01:58 +0200
Message-Id: <E0zDukg-0004Fm-00@axl.training.iafrica.com>
Date: Tue, 1 Sep 1998 20:01:58 +0200
From: axl@iafrica.com
Sender: Sheldon Hearn <sheldonh@axl.training.iafrica.com>
Reply-To: axl@iafrica.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: kbdcontrol uses uninitialized variable
X-Send-Pr-Version: 3.2

>Number:         7799
>Category:       bin
>Synopsis:       kbdcontrol uses uninitialized variable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep  1 11:10:00 PDT 1998
>Closed-Date:    Tue Sep 22 07:25:06 PDT 1998
>Last-Modified:  Tue Sep 22 07:27:47 PDT 1998
>Originator:     Sheldon Hearn
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
UUNET Internet Africa
>Environment:

	FreeBSD 2.2.7-STABLE as of 28 August 1998

>Description:

	When kbdcontrol is used to set keyrates, it passes an
	uninitialized variable as an argument to ioctl(). Mostly,
	this is no problem, but under certain conditions that are
	difficult to describe accurately, this will cause the call
	to ioctl() to return EINVAL.

>How-To-Repeat:

	Because of the nature of the fault, I can't think of a way
	to reproduce this outside of my own environment. However,
	I've attached gdb output from an environment in which the
	error does not occur, followed by gdb output from an
	environment conducive to reproducing this error.

-------- NO PROBLEM:
Script started on Tue Sep  1 19:02:32 1998
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1

Breakpoint 1, set_keyrates (opt=0xefbfddc1 "fast") at kbdcontrol.c:814
814		if (!strcmp(opt, "slow"))
(gdb) next
816		else if (!strcmp(opt, "normal"))
(gdb) next
818		else if (!strcmp(opt, "fast"))
(gdb) next
819			rate.del = rate.rep = 0;
(gdb) next
845		if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = 0}
(gdb) next
847	}
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) y

Script done on Tue Sep  1 19:03:21 1998

-------- PROBLEM:
Script started on Tue Sep  1 18:59:38 1998
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
(gdb) set args -r fast </dev/ttyv1
(gdb) break set_keyrates
Breakpoint 1 at 0x3d1c: file kbdcontrol.c, line 814.
(gdb) run
Starting program: /usr/home/sheldonh/bin/kbdcontrol -r fast </dev/ttyv1

Breakpoint 1, set_keyrates (opt=0xefbfdd35 "fast") at kbdcontrol.c:814
814		if (!strcmp(opt, "slow"))
(gdb) next
816		else if (!strcmp(opt, "normal"))
(gdb) next
818		else if (!strcmp(opt, "fast"))
(gdb) next
819			rate.del = rate.rep = 0;
(gdb) next
845		if (ioctl(0, KDSETRAD, rate) < 0)
(gdb) print rate
$1 = {rep = 0, del = 0, pad = -1}
(gdb) next
846			warn("setting keyboard rate");
(gdb) next
kbdcontrol: setting keyboard rate: Invalid argument
847	}
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) y

Script done on Tue Sep  1 19:01:00 1998

>Fix:
	
	The following patch ensures that the variable passed as an
	argument to ioctl() is always initialized.

--- src/usr.sbin/kbdcontrol/kbdcontrol.c.orig	Fri Aug 28 16:54:53 1998
+++ src/usr.sbin/kbdcontrol/kbdcontrol.c	Tue Sep  1 19:09:30 1998
@@ -842,6 +842,7 @@
 		rate.rep = n;
 	}
 
+	rate.pad = 0;
 	if (ioctl(0, KDSETRAD, rate) < 0)
 		warn("setting keyboard rate");
 }
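Review bot: `rate.pad = 0;` just before the `ioctl(0, KDSETRAD, rate)` call clears only the one member that the gdb session showed as -1, so the fix still depends on every other member having been assigned on every path above it. Clearing the whole of `rate` once, where it is declared or at the top of the function (outside this hunk), would cover all members and any added later. The call also passes `rate` itself as the variadic argument; it is worth checking against the definition of KDSETRAD whether the request expects an integer value or a pointer, since that decides which bits the driver actually sees.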
>Release-Note:
>Audit-Trail:

From: axl@iafrica.com
To: freebsd-gnats-submit@freebsd.org, axl@iafrica.com
Cc:
Subject: Re: bin/7799: kbdcontrol uses uninitialized variable
Date: Fri, 4 Sep 1998 09:52:31 +0200

 > Environment
 > 	FreeBSD 2.2.7-STABLE as of 28 August 1998
 
 I've checked -CURRENT and the same bug exists in the code for that
 branch too.
State-Changed-From-To: open->closed 
State-Changed-By: yokota 
State-Changed-When: Tue Sep 22 07:25:06 PDT 1998 
State-Changed-Why:  
The correct fix has been committed to both -CURRENT and -STABLE. 
>Unformatted:
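The failure described in this report, reduced to a self-contained C program (an added example, not code from kbdcontrol or the FreeBSD tree). The member names come from the gdb output above; the bit widths, the mock_kdsetrad() check and the function names are assumptions made for illustration, and memset() stands in for stack residue so the run is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Member names are from the gdb output; the bit widths are assumed. */
struct keyrate { int rep : 5; int del : 2; int pad : 1; };

/* Hypothetical stand-in for the driver's argument check: reject any
 * value with bits set outside the 7 bits used by rep and del. */
static int mock_kdsetrad(int arg)
{
    return (arg & ~0x7f) ? EINVAL : 0;
}

/* Pack members explicitly so the result is independent of bit-field layout. */
static int pack_rate(struct keyrate r)
{
    return (r.rep & 0x1f) | ((r.del & 0x3) << 5) | ((r.pad & 0x1) << 7);
}

/* Reported pattern: the storage holds leftover bytes and only rep and del
 * are assigned, so pad keeps whatever was there before. */
int set_fast_unfixed(unsigned char residue)
{
    struct keyrate rate;
    memset(&rate, residue, sizeof rate);   /* constructed stack residue */
    rate.del = rate.rep = 0;
    return mock_kdsetrad(pack_rate(rate));
}

/* Hardened pattern: clear the whole object before assigning members. */
int set_fast_zeroed(unsigned char residue)
{
    struct keyrate rate;
    memset(&rate, residue, sizeof rate);   /* same residue as above */
    memset(&rate, 0, sizeof rate);         /* clear every member and padding */
    rate.del = rate.rep = 0;
    return mock_kdsetrad(pack_rate(rate));
}

int main(void)
{
    printf("unfixed, clean storage: %d\n", set_fast_unfixed(0x00));
    printf("unfixed, dirty storage: %d\n", set_fast_unfixed(0xFF));
    printf("zeroed,  dirty storage: %d\n", set_fast_zeroed(0xFF));
    return 0;
}
```

The same call succeeds or fails depending only on what the storage held beforehand, which matches the two gdb sessions in the report.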
