use of uninitialized variable in read_entry.c
From: Wolfgang Rohdewald
Subject: use of uninitialized variable in read_entry.c
Date: Tue, 21 Jan 2003 21:48:12 +0100
User-agent: KMail/1.5
I wonder why it took gnu.org more than 10 hours to register me
for this mailing list... Now that I am registered, another try:
found by valgrind in ncurses 5.3:
>> at line 200:
/* grab the name (a null-terminate string) */
>> here, buf can contain anything
read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
>> if name_size < MAX_NAME_SIZE, buf[name_size..MAX_NAME_SIZE-1] is still
>> uninitialized
buf[MAX_NAME_SIZE] = '\0';
>> it still is.
ptr->term_names = typeCalloc(char, strlen(buf) + 1);
>> strlen(buf) reaches buf[name_size] which is uninitialized.
So if buf[name_size] etc. contain something !=0
term_names has garbage added to its end.
My proposal: add a memset:
Wolfgang
--- read_entry.c.org Tue Jan 21 07:46:23 2003
+++ read_entry.c Tue Jan 21 07:47:04 2003
@@ -198,6 +198,7 @@
}
/* grab the name (a null-terminate string) */
+ memset(buf,0,MAX_NAME_SIZE);
read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
buf[MAX_NAME_SIZE] = '\0';
ptr->term_names = typeCalloc(char, strlen(buf) + 1);
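Review bot: The read() call right after the added memset still discards its return value, so a failed or short read goes unnoticed and term_names is built from a zeroed or partly filled buffer. Consider keeping the count, for example `n = read(fd, buf, ...)`, bailing out when `n <= 0`, and setting `buf[n] = '\0'`; that terminates the string at the bytes actually delivered and makes the memset unnecessary. If the memset stays, `memset(buf, 0, MAX_NAME_SIZE)` with a space after each comma would match the spacing of the read() and typeCalloc() lines around it.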
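The over-read described in the message above, reproduced deterministically as an added example (not part of the original post and not ncurses code). The value of MAX_NAME_SIZE, the helpers name_fd() and name_len(), and the 'X' fill that stands in for leftover buffer contents are assumptions made for illustration.

```c
#include <string.h>
#include <unistd.h>

#define MAX_NAME_SIZE 512u  /* assumed value, for illustration */
#define min(a, b) ((a) < (b) ? (a) : (b))

/* Constructed input: put `len` bytes in a pipe and return its read end. */
static int name_fd(const char *bytes, size_t len)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], bytes, len) != (ssize_t) len) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);
    return p[0];
}

/* Reads the name field and returns strlen() of the result.
 * use_count == 0: terminate only at MAX_NAME_SIZE, as in the report.
 * use_count != 0: terminate at the byte count read() returned.
 * The 'X' fill stands in for whatever the buffer held beforehand. */
size_t name_len(const char *bytes, size_t len, unsigned name_size, int use_count)
{
    char buf[MAX_NAME_SIZE + 1];
    ssize_t n;
    int fd = name_fd(bytes, len);

    if (fd < 0)
        return 0;
    memset(buf, 'X', sizeof(buf));
    n = read(fd, buf, min(MAX_NAME_SIZE, name_size));
    close(fd);
    buf[MAX_NAME_SIZE] = '\0';
    if (use_count) {
        if (n <= 0)
            return 0;
        buf[n] = '\0';
    }
    return strlen(buf);
}
```

When the bytes read contain no NUL, or fewer bytes arrive than name_size announces, the first variant measures the name all the way to MAX_NAME_SIZE; the second stops at what read() delivered.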