You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.3 KiB
38 lines
1.3 KiB
From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001 |
|
From: Jan Grulich <jgrulich@redhat.com> |
|
Date: Tue, 25 May 2021 14:18:48 +0200 |
|
Subject: [PATCH] CharArray: pre-fill empty array with zeroes |
|
|
|
CharArray should always be null-terminated. There is a potential |
|
scenario where this all might lead to crash. In Password we call |
|
memset(), passing length of the array we get with strlen(), but |
|
this won't return correct value when the array is not properly |
|
null-terminated. |
|
--- |
|
common/rfb/util.h | 7 +++++-- |
|
1 file changed, 5 insertions(+), 2 deletions(-) |
|
|
|
diff --git a/common/rfb/util.h b/common/rfb/util.h |
|
index 3100f90fd..71caac426 100644 |
|
--- a/common/rfb/util.h |
|
+++ b/common/rfb/util.h |
|
@@ -52,14 +52,17 @@ namespace rfb { |
|
CharArray(char* str) : buf(str) {} // note: assumes ownership |
|
CharArray(size_t len) { |
|
buf = new char[len](); |
|
+ memset(buf, 0, len); |
|
} |
|
~CharArray() { |
|
- delete [] buf; |
|
+ if (buf) { |
|
+ delete [] buf; |
|
+ } |
|
} |
|
void format(const char *fmt, ...) __printf_attr(2, 3); |
|
// Get the buffer pointer & clear it (i.e. caller takes ownership) |
|
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;} |
|
- void replaceBuf(char* b) {delete [] buf; buf = b;} |
|
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;} |
|
char* buf; |
|
private: |
|
CharArray(const CharArray&);
|
|
|