From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Sat, 11 Jul 2020 22:33:55 +0000 (-0700)
Subject: zero out the result of a vmnewof()
X-Git-Tag: 2.46.0~20^2^2~182^2~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8d33fa030d308e6f5a4572a5b25bde4508757c31;p=graphviz

zero out the result of a vmnewof()

This is the only instance of a call to vmnewof() that appears to rely on the
semantics of the returned memory having been zeroed. We are about to make some
changes that make it impossible for the allocator to zero extra memory in a
vmresize() because it does not know the size of the original allocation. This
change makes it safe for vmresize() to stop providing zeroed out extra memory.
---

diff --git a/lib/expr/exeval.c b/lib/expr/exeval.c
index a9e1dab84..2069a612e 100644
--- a/lib/expr/exeval.c
+++ b/lib/expr/exeval.c
@@ -482,6 +482,7 @@ scformat(Sfio_t* sp, void* vp, Sffmt_t* dp)
 			node->data.variable.symbol->value->data.constant.value.string = 0;
 		fmt->fmt.size = 1024;
 		*((void**)vp) = node->data.variable.symbol->value->data.constant.value.string = vmnewof(fmt->expr->vm, node->data.variable.symbol->value->data.constant.value.string, char, fmt->fmt.size, 0);
+		memset(node->data.variable.symbol->value->data.constant.value.string, 0, sizeof(char) * (size_t)fmt->fmt.size);
 		break;
 	case 'c':
 		if (node->type != CHARACTER) {