[bug #66081] [troff] possible use of uninitialized stack memory
From: G. Branden Robinson
Subject: [bug #66081] [troff] possible use of uninitialized stack memory
Date: Thu, 15 Aug 2024 13:26:04 -0400 (EDT)
Update of bug #66081 (group groff):
Status: In Progress => Fixed
Open/Closed: Open => Closed
Planned Release: None => 1.24.0
_______________________________________________________
Follow-up Comment #1:

Hi Lukas,

I goofed the commit message on this one, and forgot to mark you as the author.
Sorry about that.

The ChangeLog is correct. Also, I altered the patch anyway, to use a
C++98-compatible form of initialization--direct initialization didn't come
into the language standard until C++03
<https://en.cppreference.com/w/cpp/language/history>.
commit c77f59e32339183d887300e3198707e4e4ad06dc
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Wed Aug 14 15:25:00 2024 -0500
[troff]: Fix Savannah #66081.
* src/roff/troff/env.cpp (override_sizes): Zero out heap-allocated
memory prior to use. If `strtok()` returns a null pointer, we break
early from the `for` loop before populating it. The only other case
where we break out of the loop is when `lower` is 0, and we do only
after adding this 0 to `sizes`. Since this memory is then passed to
`font_size::init_size_table()`, which uses a zero integer to detect
the end of the list, we could then access uninitialized memory. [The
user is not required to supply a zero argument to the `sizes` request.
I also revised the patch to use memset(3) instead of (an empty) value
initializer, which is a C++03 feature. --GBR]
Fixes <https://savannah.gnu.org/bugs/?66081>.
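The failure mode the commit message describes, as an added C++ example that is not groff code and not part of the original bug report: a heap-allocated size table is filled by a `strtok()` loop that only ever writes a 0 terminator when the user supplies one, and a consumer in the style of `font_size::init_size_table()` then scans for that 0. The names `count_sizes` and `sizes_seen` are hypothetical; the real troff code has no capacity bound on the scan, so the `cap` guard here exists only to keep the demonstration in bounds. The table is pre-filled with a non-zero sentinel as a constructed stand-in for whatever an unzeroed allocation happens to contain (real contents are indeterminate); only single integer tokens are parsed, a simplification of the actual `sizes` request syntax.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for the scan in font_size::init_size_table():
// walk `sizes` until the first 0 entry and return how many entries
// precede it.  The real scan has no `cap`; here -1 reports that the
// terminator was never found within the allocation, i.e. the real code
// would have kept reading into memory the loop never populated.
int count_sizes(const int *sizes, int cap) {
    for (int i = 0; i < cap; ++i)
        if (sizes[i] == 0)
            return i;
    return -1;
}

// Build a size table from a `sizes`-style argument string using the loop
// structure the commit message describes, then scan it.  `zero_first`
// selects the fixed behaviour (memset the table before use) or the
// original behaviour (use the allocation as the allocator returned it).
int sizes_seen(const std::string &arg, bool zero_first) {
    // strtok() modifies its input, so work on a writable copy
    std::vector<char> buf(arg.begin(), arg.end());
    buf.push_back('\0');

    // One slot per token plus one for a terminator; arg.size() + 1 is a
    // safe upper bound on the token count for a space-separated list.
    int cap = static_cast<int>(arg.size()) + 1;
    int *sizes = static_cast<int *>(std::malloc(cap * sizeof(int)));

    // Constructed stand-in for uninitialized heap contents: a non-zero
    // value so the unfixed path fails deterministically in this demo.
    for (int i = 0; i < cap; ++i)
        sizes[i] = 0x7fff;

    // The fix from the commit: zero the table before populating it.
    // (A C++03 value initializer `new int[cap]()` would do the same; the
    // patch used memset(3) to stay C++98-compatible.)
    if (zero_first)
        std::memset(sizes, 0, cap * sizeof(int));

    int n = 0;
    for (char *p = std::strtok(&buf[0], " "); ; p = std::strtok(0, " ")) {
        if (p == 0)
            break;            // out of tokens: no 0 has been written
        int lower = std::atoi(p);
        sizes[n++] = lower;   // append, including an explicit 0
        if (lower == 0)
            break;            // user-supplied terminator
    }

    int seen = count_sizes(sizes, cap);
    std::free(sizes);
    return seen;
}
```

With an explicit trailing 0 (`"8 10 12 0"`) both paths agree on three sizes. Without it (`"8 10 12"`) the unfixed table has no terminator and the scan runs off the populated region; with the memset in place the zeroed slot after the last token ends the scan correctly. The same holds for an empty argument, where `strtok()` returns a null pointer on the first call and nothing at all is written.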