Game of Trees Repos

Commit Diff

Commit:: 08603e79bbb2bb6324cad8aa08311f2f47f8822d
From:: Stefan Sperling <stsp@stsp.name>
Date:: Tue Nov 8 09:20:26 2022 UTC
Message:: zero-initialize all of struct got_inflate_buf in got_inflate_init() Fixes a potential bogus free on error. got_inflate_end() relies on zb.flags to be initialized. It will try to free a bogus zb.outbuf pointer if zb.flags happens to set by uninitialized stack memory while we are calling got_inflate_end() in an error path.
Actions:: Patch | Tree

commit - ca7cfae029f0cbca1f65f326025744f627b69d92
commit + 08603e79bbb2bb6324cad8aa08311f2f47f8822d
blob - 806b5542c5fcee17a27336702f83c72c94a50070
blob + dc46eb047636a6ef075d902f58565030b486aa27
--- lib/inflate.c
+++ lib/inflate.c
@@ -44,7 +44,7 @@ got_inflate_init(struct got_inflate_buf *zb, uint8_t *
 	const struct got_error *err = NULL;
 	int zerr;
 
-	memset(&zb->z, 0, sizeof(zb->z));
+	memset(zb, 0, sizeof(*zb));
 
 	zb->z.zalloc = Z_NULL;
 	zb->z.zfree = Z_NULL;