From: Matthew Fernandez Date: Thu, 3 Mar 2022 06:33:39 +0000 (-0800) Subject: GD plugin: fix: zero I/O contexts on creation X-Git-Tag: 4.0.0~177^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2d7df03fb74c2ee501a20b292a51a50a82bd1ce;p=graphviz GD plugin: fix: zero I/O contexts on creation The GD plugin was creating `gdIOCtx` objects on the stack with some uninitialized members. At time of writing, the GD docs¹ claim this struct’s layout is: typedef struct gdIOCtx { int (*getC)(gdIOCtxPtr); int (*getBuf)(gdIOCtxPtr, void *, int wanted); void (*putC)(gdIOCtxPtr, int); int (*putBuf)(gdIOCtxPtr, const void *, int wanted); // seek must return 1 on SUCCESS, 0 on FAILURE. Unlike fseek! int (*seek)(gdIOCtxPtr, const int); long (*tell)(gdIOCtxPtr); void (*gd_free)(gdIOCtxPtr); } gdIOCtx; So Graphviz’ usage was leaving `getC`, `getBuf`, `seek`, and `gd_free` uninitialized. This seems to work out OK; Graphviz’ usage of libgd apparently does not involve any code paths that use these members. But this does not seem to be an API guarantee. This change zeroes these members for future stability. ¹ https://libgd.github.io/manuals/2.3.3/files/gd_io-h.html#gdIOCtx --- diff --git a/plugin/gd/gvdevice_gd.c b/plugin/gd/gvdevice_gd.c index dcb8552aa..94dc392cf 100644 --- a/plugin/gd/gvdevice_gd.c +++ b/plugin/gd/gvdevice_gd.c @@ -46,7 +46,7 @@ static void gd_format(GVJ_t * job) unsigned int *data = (unsigned int*)(job->imagedata); unsigned int width = job->width; unsigned int height = job->height; - gdIOCtx ctx; + gdIOCtx ctx = {0}; ctx.putBuf = gvdevice_gd_putBuf; ctx.putC = gvdevice_gd_putC; diff --git a/plugin/gd/gvrender_gd.c b/plugin/gd/gvrender_gd.c index 46cc298e3..6c93fb866 100644 --- a/plugin/gd/gvrender_gd.c +++ b/plugin/gd/gvrender_gd.c @@ -150,7 +150,7 @@ static void gdgen_end_page(GVJ_t * job) { gdImagePtr im = (gdImagePtr) job->context; - gdIOCtx ctx; + gdIOCtx ctx = {0}; ctx.putBuf = gvdevice_gd_putBuf; ctx.putC = gvdevice_gd_putC;
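Review bot: in the gd_format hunk of plugin/gd/gvdevice_gd.c, `gdIOCtx ctx = {0};` is the right fix for the uninitialized function pointers, but the commit message should state what it buys: with `= {0}` every member not later assigned (getC, getBuf, seek, gd_free) becomes a null pointer, so if libgd ever did call one of them the result is a deterministic null call rather than an indirect jump through whatever stack garbage happened to be there, which is the outcome that matters from a memory-safety standpoint. Since the two explicit assignments that follow could move into the initializer, consider the C99 form `gdIOCtx ctx = {.putBuf = gvdevice_gd_putBuf, .putC = gvdevice_gd_putC};` so the whole object is initialized in one statement and a future member cannot be left out. Note also that the visible context sets only putBuf and putC while the message lists tell as already initialized; presumably that assignment sits below the shown lines, but it is worth confirming.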
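Review bot: the gdgen_end_page hunk in plugin/gd/gvrender_gd.c repeats the identical `gdIOCtx ctx = {0};` plus putBuf/putC setup from gvdevice_gd.c, so the rule "zero the context before filling it in" now lives in two places. A small shared helper (for example one that returns a fully initialized gdIOCtx with the gvdevice_gd_putBuf and gvdevice_gd_putC callbacks) would keep the two call sites from drifting and would make any later third site safe by construction. If the goal is stability against libgd touching the unused callbacks, the helper could also install explicit no-op or failing functions for getC, getBuf, seek and gd_free instead of relying on the null-pointer behaviour; either way, please mention the choice in the message so the next reader knows it was deliberate.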