39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001
|
|
From: Jan Grulich <jgrulich@redhat.com>
|
|
Date: Tue, 25 May 2021 14:18:48 +0200
|
|
Subject: [PATCH] CharArray: pre-fill empty array with zeroes
|
|
|
|
CharArray should always be null-terminated. There is a potential
|
|
scenario where this all might lead to crash. In Password we call
|
|
memset(), passing length of the array we get with strlen(), but
|
|
this won't return correct value when the array is not properly
|
|
null-terminated.
|
|
---
|
|
common/rfb/util.h | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
|
index 3100f90fd..71caac426 100644
|
|
--- a/common/rfb/util.h
|
|
+++ b/common/rfb/util.h
|
|
@@ -52,14 +52,17 @@ namespace rfb {
|
|
CharArray(char* str) : buf(str) {} // note: assumes ownership
|
|
CharArray(size_t len) {
|
|
buf = new char[len]();
|
|
+ memset(buf, 0, len);
|
|
}
|
|
~CharArray() {
|
|
- delete [] buf;
|
|
+ if (buf) {
|
|
+ delete [] buf;
|
|
+ }
|
|
}
|
|
void format(const char *fmt, ...) __printf_attr(2, 3);
|
|
// Get the buffer pointer & clear it (i.e. caller takes ownership)
|
|
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
|
|
- void replaceBuf(char* b) {delete [] buf; buf = b;}
|
|
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
|
|
char* buf;
|
|
private:
|
|
CharArray(const CharArray&);
|