summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Stephenson <pws@users.sourceforge.net>2011-12-03 17:24:45 +0000
committerPeter Stephenson <pws@users.sourceforge.net>2011-12-03 17:24:45 +0000
commit724fd07a67f135c74eba57e9f25fd342201ec722 (patch)
treee00992da5a53633b9089a7143441652bb4f18530
parent82bc048da969e03550f5ddc2093d0b8ad9eda8a4 (diff)
downloadzsh-724fd07a67f135c74eba57e9f25fd342201ec722.tar.gz
zsh-724fd07a67f135c74eba57e9f25fd342201ec722.tar.xz
zsh-724fd07a67f135c74eba57e9f25fd342201ec722.zip
29934: Stef van Vlierberghe: uninitialised memory after lexer realloc
-rw-r--r--ChangeLog7
-rw-r--r--Src/lex.c12
2 files changed, 8 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 4bf1f0bdd..b61f903bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-12-03  Peter Stephenson  <p.w.stephenson@ntlworld.com>
+
+	* From Stef VAN VLIERBERGHE: 29934: Src/lex.c (add): use of
+	uninitialised memoryx when lexer needed to reallocate token.
+
 2011-12-02  Peter Stephenson  <pws@csr.com>
 
 	* unposted: Test/B01cd.ztst: fix documentation for '*'
@@ -15645,5 +15650,5 @@
 
 *****************************************************
 * This is used by the shell to define $ZSH_PATCHLEVEL
-* $Revision: 1.5513 $
+* $Revision: 1.5514 $
 *****************************************************
diff --git a/Src/lex.c b/Src/lex.c
index 90c4effd9..05f54f842 100644
--- a/Src/lex.c
+++ b/Src/lex.c
@@ -567,22 +567,14 @@ add(int c)
 {
     *bptr++ = c;
     if (bsiz == ++len) {
-#if 0
-	int newbsiz;
-
-	newbsiz = bsiz * 8;
-	while (newbsiz < inbufct)
-	    newbsiz *= 2;
-	bptr = len + (tokstr = (char *)hrealloc(tokstr, bsiz, newbsiz));
-	bsiz = newbsiz;
-#endif
-
 	int newbsiz = bsiz * 2;
 
 	if (newbsiz > inbufct && inbufct > bsiz)
 	    newbsiz = inbufct;
 
 	bptr = len + (tokstr = (char *)hrealloc(tokstr, bsiz, newbsiz));
+	/* len == bsiz, so bptr is at the start of newly allocated memory */
+	memset(bptr, 0, newbsiz - bsiz);
 	bsiz = newbsiz;
     }
 }