Fix use of uninitialized xattr structure

The refactor of the xattr table grow code merged all allocation code
paths into realloc(), including the initial allocation. This means that
the xattr structure is used uninitialized. This commit makes sure the
reallocated structure is alwayes cleared.

Bug found using scan-build.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

1 files changed, 13 insertions, 3 deletions

diff --git a/lib/fstree/xattr.c b/lib/fstree/xattr.c
index cc84cea..38f7703 100644
--- a/lib/fstree/xattr.c
+++ b/lib/fstree/xattr.c
@@ -23,8 +23,16 @@ static void remove_from_list(fstree_t *fs, tree_xattr_t *xattr)
 
 static tree_xattr_t *grow_xattr_block(tree_xattr_t *xattr)
 {
-	size_t count = (xattr == NULL) ? 4 : (xattr->max_attr * 2);
-	void *new = realloc(xattr, sizeof(*xattr) + sizeof(uint64_t) * count);
+	size_t new_size, old_size = 0, new_count = 4;
+	void *new;
+
+	if (xattr != NULL) {
+		new_count = xattr->max_attr * 2;
+		old_size = sizeof(*xattr) + sizeof(uint64_t) * xattr->max_attr;
+	}
+
+	new_size = sizeof(*xattr) + sizeof(uint64_t) * new_count;
+	new = realloc(xattr, new_size);
 
 	if (new == NULL) {
 		perror("adding extended attributes");
@@ -32,8 +40,10 @@ static tree_xattr_t *grow_xattr_block(tree_xattr_t *xattr)
 		return NULL;
 	}
 
+	memset((char *)new + old_size, 0, new_size - old_size);
+
 	xattr = new;
-	xattr->max_attr = count;
+	xattr->max_attr = new_count;
 	return xattr;
 }