|
From 02e7914f70f3afb37b5ebadc65da35e5df47ea8e Mon Sep 17 00:00:00 2001
|
||
|
From: Lukas Javorsky <ljavorsk@redhat.com>
|
||
|
Date: Mon, 12 Aug 2024 16:14:40 +0200
|
||
|
Subject: [PATCH 7/7] Fix uninitialized memory usage in override_sizes by
|
||
|
zero-initializing sizes array
|
||
|
|
||
|
If `strtok` returns `null`, we break out of the for-loop early, before any value has been written to `sizes`, and then access uninitialized values. The only other case where we break out of the loop is when `lower` is 0, and we do so only after adding this 0 to `sizes`. Function `init_size_table` uses "\0" to detect the end of the array, so in this case we shouldn't be accessing any uninitialized values.
|
||
|
---
|
||
|
src/roff/troff/env.cpp | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/roff/troff/env.cpp b/src/roff/troff/env.cpp
|
||
|
index 62c251927..b54df35e9 100644
|
||
|
--- a/src/roff/troff/env.cpp
|
||
|
+++ b/src/roff/troff/env.cpp
|
||
|
@@ -1318,7 +1318,8 @@ void point_size()
|
||
|
void override_sizes()
|
||
|
{
|
||
|
int n = 16;
|
||
|
- int *sizes = new int[n];
|
||
|
+ int *sizes = new int[n]; // C++03: new int[n]();
|
||
|
+ (void) memset(sizes, 0, (n * sizeof(int)));
|
||
|
int i = 0;
|
||
|
char *buf = read_string();
|
||
|
if (!buf)
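Review bot: The `memset` added after `new int[n]` zero-fills only the 16 slots of this first allocation, so it gives `init_size_table` a 0 terminator only while at least one slot stays unwritten. The commit message says the loop also stops whenever `strtok` runs out of tokens; if that can happen after the array has been filled completely or replaced by a larger one (the loop lies outside this hunk, so this is unconfirmed), the terminator scan would again run into uninitialized or out-of-bounds memory. I would state the invariant next to the fill, e.g. `// sizes must always end in a 0 entry: init_size_table() scans until it finds one`, and check that the rest of `override_sizes` always leaves room for that trailing 0 before the call. The leftover `// C++03: new int[n]();` comment points at the shorter `int *sizes = new int[n]();`, which would make the separate `memset` unnecessary.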
|