From 1c6def05e37f4a8a828a94aa0ca0e6236877f26f Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Sat, 27 May 2017 06:26:27 -0400
Subject: [PATCH] Fix: space left in buffer may be uninitilized on capacity increase
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

In the following case of dynamic buffer resize: |---------|---------------------|------------------------| ^ ^ ^ (a) original_size (b) original_capacity (c) new_capacity The code (correctly) assumes that the space between b and c is zero-initialized. However, the space between a and b will be left uninitialized.

Signed-off-by: Jérémie Galarneau
---
 src/common/dynamic-buffer.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/common/dynamic-buffer.c b/src/common/dynamic-buffer.c
index 7184a3400..c295a5d2e 100644
--- a/src/common/dynamic-buffer.c
+++ b/src/common/dynamic-buffer.c
@@ -101,10 +101,22 @@ int lttng_dynamic_buffer_set_size(struct lttng_dynamic_buffer *buffer,
 }
 
 if (new_size > buffer->capacity) {
+size_t original_size = buffer->size;
+size_t original_capacity = buffer->capacity;
+
 ret = lttng_dynamic_buffer_set_capacity(buffer, new_size);
 if (ret) {
 goto end;
 }
+
+/*
+ * Zero-initialize the space that was left in the buffer at the
+ * before we increased its capacity (original capacity - original size).
+ * The newly acquired capacity (new capacity - original capacity)
+ * is zeroed by lttng_dynamic_buffer_set_capacity().
+ */
+memset(buffer->data + original_size, 0,
+original_capacity - original_size);
 } else if (new_size > buffer->size) {
 memset(buffer->data + buffer->size, 0, new_size - buffer->size);
 } else {
-- 
2.34.1
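Review bot: The new memset's length `original_capacity - original_size` is computed in size_t with no guard, so it silently relies on the invariant size <= capacity holding at entry; if that invariant is ever broken the subtraction wraps and the memset runs far past the allocation instead of failing loudly, so I would pin it with `assert(original_size <= original_capacity);` just before the memset (or whatever assertion macro this file already uses). The comment above the memset also reads "left in the buffer at the before we increased its capacity" — I would reword it to `* Zero-initialize the space that was left unused in the buffer before we increased its capacity (original capacity - original size).` since the correctness of this fix rests on a reader trusting that description. The claim that the range above the original capacity is zeroed by lttng_dynamic_buffer_set_capacity() cannot be checked from this hunk, so it is worth a one-line note at that function stating the contract, given that a stale byte range here is exactly what leaks previous contents if the buffer is later copied out or sent elsewhere. lttng_dynamic_buffer_set_size starts before and ends after this hunk.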