From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Sat, 27 May 2017 10:26:27 +0000 (-0400)
Subject: Fix: space left in buffer may be uninitilized on capacity increase
X-Git-Url: http://git.efficios.com/?p=lttng-tools.git;a=commitdiff_plain;h=1c6def05e37f4a8a828a94aa0ca0e6236877f26f

Fix: space left in buffer may be uninitilized on capacity increase

In the following case of dynamic buffer resize:

|---------|---------------------|------------------------|
          ^                     ^                        ^
 (a) original_size     (b) original_capacity     (c) new_capacity

The code (correctly) assumes that the space between b and c is
zero-initialized. However, the space between a and b will be left
uninitialized.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/common/dynamic-buffer.c b/src/common/dynamic-buffer.c
index 7184a3400..c295a5d2e 100644
--- a/src/common/dynamic-buffer.c
+++ b/src/common/dynamic-buffer.c
@@ -101,10 +101,22 @@ int lttng_dynamic_buffer_set_size(struct lttng_dynamic_buffer *buffer,
 	}
 
 	if (new_size > buffer->capacity) {
+		size_t original_size = buffer->size;
+		size_t original_capacity = buffer->capacity;
+
 		ret = lttng_dynamic_buffer_set_capacity(buffer, new_size);
 		if (ret) {
 			goto end;
 		}
+
+		/*
+		 * Zero-initialize the space that was left in the buffer at the
+		 * before we increased its capacity (original capacity - original size).
+		 * The newly acquired capacity (new capacity - original capacity)
+		 * is zeroed by lttng_dynamic_buffer_set_capacity().
+		 */
+		memset(buffer->data + original_size, 0,
+				original_capacity - original_size);
 	} else if (new_size > buffer->size) {
 		memset(buffer->data + buffer->size, 0, new_size - buffer->size);
 	} else {