stack Uninitialised value was created by a stack allocation

Question

The code below unicasts a udp packet with some information. I get

Syscall param socketcall.sendto(msg) points to uninitialised byte(s)  in main in main.c:104

and

Address 0xbec64e7b is on thread 1's stack Uninitialised value was created by a stack allocation  1: log_msg_send in main.c:29

message from valgrind when I pass data into the function below.

Could anyone tell me what is uninitialized?

Code:

#define BUFSIZE 512

void log_msg_send(char *message, char *next_hop)
{ // line 29***************************

  int r = 0, error_count = 0;

  struct sockaddr_in si_other;
  int s, slen = sizeof(si_other);
  char buf[strlen(message) + 1];
  strcpy(buf, message);
  buf[strlen(message)] = '\0';
  if ((s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
  {
    fprintf(stderr, "socket() failed - line817\n");
    exit(1);
  }

  memset((char *) &si_other, 0, sizeof(si_other));
  si_other.sin_family = AF_INET;
  si_other.sin_port = htons(12345);

  /****************NORMALIZE THE DOT IPV4 ADDRESS********************/ //eg. 010.000.001.050 = 10.0.1.50
  int parts[4];
  sscanf(next_hop, "%d.%d.%d.%d", parts + 0, parts + 1, parts + 2, parts + 3);
  char *out = NULL;
  asprintf(&out, "%d.%d.%d.%d", parts[0], parts[1], parts[2], parts[3]);
  /****************NORMALIZE THE DOT IPV4 ADDRESS_END****************/

  if (inet_aton(out, &si_other.sin_addr) == 0)
  {
    fprintf(stderr, "inet_aton() failed - line 825\n");
    exit(1);
  }

  if (sendto(s, buf, BUFSIZE, 0, (struct sockaddr *) &si_other, slen) == -1)
  {
    fprintf(stderr, "sendto() failed - line830\n");
    exit(1);
  }
  free(out);

  r = close(s);
  while (r < 0)
  { //error handling for sendto
    usleep(500000);
    if (++error_count == 20)
    { //10 times itteration
      fprintf(stderr, "errno:%s - socket closing error - line 1091\n ",
          strerror(errno));
      exit(1);
    }
    r = close(s);
  }
  error_count = 0;

}

int main()
{
  char nexthop[16] = "010.105.001.204";
  char *gateway_ID[2] =
  { "010.203.005.012", "010.235.011.041" };
  char message[720] =
  { '\0' }; // 20 msg
  char msg_to_send[1000] =
  { '\0' };
  srand(time(NULL));
  int no_of_nodes = 0;
  int i;

  while (1)
  {
    memset(message, 0, sizeof(message));
    memset(msg_to_send, 0, sizeof(msg_to_send));
    no_of_nodes = rand() % 19 + 1;

    for (i = 0; i < no_of_nodes; ++i)
    { //prepare the message
      if (i == 0)
      {
        sprintf(message, "100.100.100.%03d%d%02d", (rand() % 255), (rand() % 3),
            (rand() % 100));
      }
      else
      {
        sprintf(message, "%s100.100.100.%03d%d%02d", message, (rand() % 255),
            (rand() % 3), (rand() % 100));
      }

    }

    snprintf(msg_to_send, 2 + 16 + 5 + strlen(message) + 1, "12%s%05d%s",
        gateway_ID[(rand() % 2)], strlen(message), message);
    //     printf("%s\n\n",msg_to_send);
    log_msg_send(msg_to_send, nexthop); // line 104 ********************************

    // usleep(15000);
  }

  return 0;
}

Answer 1

I had an error like that in a program. Turns out Valgrind was complaining about me using sscanf() on a char* which was not \0 terminated, even though I was supposedly reading only until a \n, like bellow.

sscanf(buf, "%[^\n]", str);

Answer 2

I'd say Valgrind complains about the code missing to fully initialise char buf[strlen(message) + 1] in log_msg_send().

To fix this just add

memset(buf, 0, sizeof(buf));

after buf's declaration.

---

Also the code is not passing the correct size of the buffer to sendto().

To fix size this change:

if (sendto(s, buf, BUFSIZE, 0, (struct sockaddr *) &si_other, slen) == -1)

to be:

if (sendto(s, buf, sizeof(buf), 0, (struct sockaddr *) &si_other, slen) == -1)

---

Finally, not related to the Valgrind issue:

• The last parameter to sendto() shall be socklen_t.

• The printf() getting passed the result of strlen() requires the z length modifier as it's receiving size_t.