29934: Stef van Vlierberghe: uninitialised memory after lexer realloc

2 files changed, 8 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index 4bf1f0bdd..b61f903bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-12-03  Peter Stephenson  <p.w.stephenson@ntlworld.com>
+
+	* From Stef VAN VLIERBERGHE: 29934: Src/lex.c (add): use of
+	uninitialised memoryx when lexer needed to reallocate token.
+
 2011-12-02  Peter Stephenson  <pws@csr.com>
 
 	* unposted: Test/B01cd.ztst: fix documentation for '*'
@@ -15645,5 +15650,5 @@
 
 *****************************************************
 * This is used by the shell to define $ZSH_PATCHLEVEL
-* $Revision: 1.5513 $
+* $Revision: 1.5514 $
 *****************************************************
diff --git a/Src/lex.c b/Src/lex.c
index 90c4effd9..05f54f842 100644
--- a/Src/lex.c
+++ b/Src/lex.c
@@ -567,22 +567,14 @@ add(int c)
 {
     *bptr++ = c;
     if (bsiz == ++len) {
-#if 0
-	int newbsiz;
-
-	newbsiz = bsiz * 8;
-	while (newbsiz < inbufct)
-	    newbsiz *= 2;
-	bptr = len + (tokstr = (char *)hrealloc(tokstr, bsiz, newbsiz));
-	bsiz = newbsiz;
-#endif
-
 	int newbsiz = bsiz * 2;
 
 	if (newbsiz > inbufct && inbufct > bsiz)
 	    newbsiz = inbufct;
 
 	bptr = len + (tokstr = (char *)hrealloc(tokstr, bsiz, newbsiz));
+	/* len == bsiz, so bptr is at the start of newly allocated memory */
+	memset(bptr, 0, newbsiz - bsiz);
 	bsiz = newbsiz;
     }
 }