bug-ncurses

use of uninitialized variable in read_entry.c


From: Wolfgang Rohdewald
Subject: use of uninitialized variable in read_entry.c
Date: Tue, 21 Jan 2003 21:48:12 +0100
User-agent: KMail/1.5

I wonder why it took gnu.org more than 10 hours to register me
for this mailing list... Now that I am registered, another try:

found by valgrind in ncurses 5.3:

>> at line 200:
    /* grab the name (a null-terminate string) */
>> here, buf can contain anything
    read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
>> if name_size < MAX_NAME_SIZE, buf[name_size..MAX_NAME_SIZE-1] is still
>> uninitialized
    buf[MAX_NAME_SIZE] = '\0';
>> it still is.
    ptr->term_names = typeCalloc(char, strlen(buf) + 1);
>> strlen(buf) reaches buf[name_size] which is uninitialized.

So if buf[name_size] etc. contain something !=0 
term_names has garbage added to its end.

My proposal: add a memset:

Wolfgang

--- read_entry.c.org    Tue Jan 21 07:46:23 2003
+++ read_entry.c        Tue Jan 21 07:47:04 2003
@@ -198,6 +198,7 @@
     }

     /* grab the name (a null-terminate string) */
+    memset(buf,0,MAX_NAME_SIZE);
     read(fd, buf, min(MAX_NAME_SIZE, (unsigned) name_size));
     buf[MAX_NAME_SIZE] = '\0';
     ptr->term_names = typeCalloc(char, strlen(buf) + 1);
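Review bot: the return value of read() is still discarded on the unchanged line right after the added memset, so a short read or an error goes unnoticed and the code carries on with a truncated or empty name. Consider storing the count, bailing out when it is negative, and terminating with buf[count] = '\0'; that bounds strlen() at the bytes actually read and makes clearing the whole buffer unnecessary. If the memset stays, spacing it as memset(buf, 0, MAX_NAME_SIZE) would match the read() call on the next line.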

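The failure mode described in this message, reproduced as an added example that is not part of the original post or of ncurses: the same read-then-strlen pattern next to a variant that terminates at the byte count read() returns. The function names, the MAX_NAME_SIZE value of 512, the sample name and the 'X' pre-fill (standing in for stale stack contents, since reading truly uninitialized memory is undefined) are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_NAME_SIZE 512   /* value assumed for this example */

/* Pattern quoted in the post: only the last byte of buf is terminated. */
static long len_fixed_terminator(int fd, char *buf, size_t name_size)
{
    size_t want = name_size < MAX_NAME_SIZE ? name_size : MAX_NAME_SIZE;
    if (read(fd, buf, want) < 0) return -1;
    buf[MAX_NAME_SIZE] = '\0';
    return (long) strlen(buf);      /* runs past the bytes read */
}

/* Alternative: terminate right after the bytes read() delivered. */
static long len_counted_terminator(int fd, char *buf, size_t name_size)
{
    size_t want = name_size < MAX_NAME_SIZE ? name_size : MAX_NAME_SIZE;
    ssize_t got = read(fd, buf, want);
    if (got < 0) return -1;         /* I/O error: no name at all */
    buf[got] = '\0';
    return (long) strlen(buf);
}

/* Sends a constructed 15-byte name (no NUL among the bytes read) through a
 * pipe into a buffer pre-filled with 'X'; returns the measured length. */
static long demo(int counted)
{
    static const char name[] = "vt100|dec vt100";   /* constructed sample */
    size_t n = sizeof name - 1;
    char buf[MAX_NAME_SIZE + 1];
    int p[2];
    long len;

    memset(buf, 'X', sizeof buf);   /* stand-in for stale memory */
    if (pipe(p) != 0) return -2;
    if (write(p[1], name, n) != (ssize_t) n) return -2;
    close(p[1]);
    len = counted ? len_counted_terminator(p[0], buf, n)
                  : len_fixed_terminator(p[0], buf, n);
    close(p[0]);
    return len;
}

int main(void)
{
    printf("fixed: %ld  counted: %ld\n", demo(0), demo(1));
    return 0;
}
```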



