authorJim Meyering <meyering@fb.com>2021-07-25 19:27:16 -0700
committerJim Meyering <meyering@fb.com>2021-07-27 18:22:56 -0700
commit1aa7ccfca49d6e1d41974d4ddc30da9e5fef017e (patch)
tree3324312958a3f91a11522bd6a89fd404fb04a597 /src
parent747551b880b5e7ea773feac20b5db261c75e4daa (diff)
downloaddiffutils-1aa7ccfca49d6e1d41974d4ddc30da9e5fef017e.tar.gz
cmp: avoid reading uninitialized memory
When comparing buffers a word at a time, cmp could read up to sizeof (word) - 1 uninitialized bytes. * src/cmp.c (cmp): Set not just a single guaranteed-differing sentinel byte just beyond any final read byte, but also ensure that any following bytes are defined, if those may be read via block_compare's word-at-a-time comparison. Reported by Bruno Haible in https://lists.gnu.org/r/diffutils-devel/2021-07/msg00003.html
Diffstat (limited to 'src')
-rw-r--r--src/cmp.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cmp.c b/src/cmp.c
index e2d6f25..de67f92 100644
--- a/src/cmp.c
+++ b/src/cmp.c
@@ -459,6 +459,8 @@ cmp (void)
/* Insert sentinels for the block compare. */
buf0[read0] = ~buf1[read0];
buf1[read1] = ~buf0[read1];
+ memset (buf0 + read0 + 1, 0, sizeof (word) - read0 % sizeof (word) - 1);
+ memset (buf1 + read1 + 1, 0, sizeof (word) - read1 % sizeof (word) - 1);
first_diff = block_compare (buffer0, buffer1);
}
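Review bot: The two added `memset` calls write up to `sizeof (word) - 1` bytes past the sentinel, so when `read0` or `read1` is a multiple of `sizeof (word)` the last byte written is at index `read + sizeof (word) - 1`. This is in bounds only if each buffer is allocated with at least one spare word beyond the largest possible read. That allocation is not visible in this hunk and should be confirmed. The invariant deserves a comment above the new lines, for example `/* Zero the rest of the sentinel's word so block_compare never reads undefined bytes; relies on each buffer having sizeof (word) bytes of slack past the largest read. */`. Separately, the context line `buf0[read0] = ~buf1[read0];` still reads `buf1[read0]`, which, when `read0 > read1`, appears to lie beyond the bytes read into `buf1` and is zeroed only afterwards (and only if it falls in the same word), so a fixed sentinel value may be safer there. The body of `cmp` starts and ends outside this hunk.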