From 02e7914f70f3afb37b5ebadc65da35e5df47ea8e Mon Sep 17 00:00:00 2001
From: Lukas Javorsky
Date: Mon, 12 Aug 2024 16:14:40 +0200
Subject: [PATCH 7/7] Fix uninitialized memory usage in override_sizes by zero-initializing sizes array

If `strtok` returns `null`, we break early from for-loop before initializing any values to sizes. We then access uninitialized values. Only other case where we break out of the loop is when `lower` is 0, and we do only after adding this 0 to `sizes`. Function `init_size_table` uses "\0" to detect end of the array, so in this case we shouldn't be accessing any uninitialized values.
---
 src/roff/troff/env.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/roff/troff/env.cpp b/src/roff/troff/env.cpp
index 62c251927..b54df35e9 100644
--- a/src/roff/troff/env.cpp
+++ b/src/roff/troff/env.cpp
@@ -1318,7 +1318,8 @@ void point_size()
 void override_sizes()
 {
 int n = 16;
-int *sizes = new int[n];
+int *sizes = new int[n]; // C++03: new int[n]();
+(void) memset(sizes, 0, (n * sizeof(int)));
 int i = 0;
 char *buf = read_string();
 if (!buf)
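Review bot: The zero-fill covers only the initial 16-element allocation, so if the loop below grows `sizes` when the list is longer than that (outside this hunk, so I cannot confirm), the replacement block needs the same treatment or a long list would still hand `init_size_table` an array whose 0 terminator may be uninitialized. Separately, `sizes` is allocated two lines before `read_string()` is checked, so the `if (!buf)` path (its body is outside the hunk, presumably an early return) leaks the array; moving the allocation after the check, `char *buf = read_string(); if (!buf) return; int *sizes = new int[n]; (void) memset(sizes, 0, n * sizeof(int));`, avoids that. The added comment `// C++03: new int[n]();` reads as a note to self rather than documentation; stating the intent is more useful, e.g. `// zero-fill so an empty or short list leaves the 0 terminator init_size_table relies on (C++03 could use new int[n]() instead)`. The diffstat still reports `1 insertion(+)` while the hunk header is `-1318,7 +1318,8`, which suggests the patch was hand-edited after format-patch; regenerating it keeps the metadata consistent.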