From 00e4e502a9ff5a60df07e54d344123347da32e80 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Mon, 1 Jul 2019 09:20:10 +0200 Subject: Fix use of uninitialized xattr structure The refactor of the xattr table grow code merged all allocation code paths into realloc(), including the initial allocation. This means that the xattr structure is used uninitialized. This commit makes sure the reallocated structure is alwayes cleared. Bug found using scan-build. Signed-off-by: David Oberhollenzer --- lib/fstree/xattr.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/fstree/xattr.c b/lib/fstree/xattr.c index cc84cea..38f7703 100644 --- a/lib/fstree/xattr.c +++ b/lib/fstree/xattr.c @@ -23,8 +23,16 @@ static void remove_from_list(fstree_t *fs, tree_xattr_t *xattr) static tree_xattr_t *grow_xattr_block(tree_xattr_t *xattr) { - size_t count = (xattr == NULL) ? 4 : (xattr->max_attr * 2); - void *new = realloc(xattr, sizeof(*xattr) + sizeof(uint64_t) * count); + size_t new_size, old_size = 0, new_count = 4; + void *new; + + if (xattr != NULL) { + new_count = xattr->max_attr * 2; + old_size = sizeof(*xattr) + sizeof(uint64_t) * xattr->max_attr; + } + + new_size = sizeof(*xattr) + sizeof(uint64_t) * new_count; + new = realloc(xattr, new_size); if (new == NULL) { perror("adding extended attributes"); @@ -32,8 +40,10 @@ static tree_xattr_t *grow_xattr_block(tree_xattr_t *xattr) return NULL; } + memset((char *)new + old_size, 0, new_size - old_size); + xattr = new; - xattr->max_attr = count; + xattr->max_attr = new_count; return xattr; } -- cgit v1.2.3