List-Id: Zsh Workers List
X-Seq: 32059
Date: Wed, 27 Nov 2013 18:45:16 +0100
From: Simon Ruderich
To: zsh-workers@zsh.org
Subject: PATCH: utils.c: Fix use of uninitialized memory in metafy().

---
Hello,

While running the tests with valgrind I noticed a use of uninitialized memory in metafy(). The following patch should fix it, but I don't know the details of this code, so please check it before applying the patch.

The problem is the *e != '\0' in the next if; once e == buf + len, *e points after buf.

Regards,
Simon

 Src/utils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Src/utils.c b/Src/utils.c index 0db9c30..eb71aab 100644 --- a/Src/utils.c +++ b/Src/utils.c
@@ -3980,10 +3980,14 @@ metafy(char *buf, int len, int heap) for (e =3D buf, len =3D 0; *e; len++) if (imeta(*e++)) meta++; - } else + } else { for (e =3D buf; e < buf + len;) if (imeta(*e++)) meta++; + /* go to last byte of buf */ + if (len > 0) + e--; + } =20 if (meta || heap =3D=3D META_DUP || heap =3D=3D META_HEAPDUP || *e != =3D '\0') { switch (heap) { --=20 1.8.4.4.12.gcc59366.dirty --=20 + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
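
Review bot: The added `if (len > 0) e--;` in the else branch leaves the `len == 0` case untouched, so the `*e != '\0'` test in the condition that follows still reads `buf[0]` of a zero-length buffer, which is the same read past the data that the message describes for `e == buf + len`. For `len > 0` the decrement also changes what that condition tests: in the first branch the loop stops with `e` on the terminator at `buf + len`, while after this change the else branch tests the last data byte at `buf + len - 1`, so the two paths no longer agree on what `*e` means. Consider not evaluating `*e` at all when the caller passed an explicit length (or at least when `len == 0`), and extend the `/* go to last byte of buf */` comment to say whether the test is meant to detect a missing terminator or a trailing NUL in the data. Anything later in metafy() that expects `e == buf + len` on this path should be checked as well.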