diff options
author | Jim Meyering <meyering@fb.com> | 2021-07-25 19:27:16 -0700 |
---|---|---|
committer | Jim Meyering <meyering@fb.com> | 2021-07-27 18:22:56 -0700 |
commit | 1aa7ccfca49d6e1d41974d4ddc30da9e5fef017e (patch) | |
tree | 3324312958a3f91a11522bd6a89fd404fb04a597 /src | |
parent | 747551b880b5e7ea773feac20b5db261c75e4daa (diff) | |
download | diffutils-1aa7ccfca49d6e1d41974d4ddc30da9e5fef017e.tar.gz |
cmp: avoid reading uninitialized memory
When comparing buffers a word at a time, cmp could read up to
sizeof (word) - 1 uninitialized bytes.
* src/cmp.c (cmp): Set not just a single guaranteed-differing
sentinel byte just beyond any final read byte, but also ensure
that any following bytes are defined, if those may be read via
block_compare's word-at-a-time comparison. Reported by Bruno Haible
in https://lists.gnu.org/r/diffutils-devel/2021-07/msg00003.html
Diffstat (limited to 'src')
-rw-r--r-- | src/cmp.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -459,6 +459,8 @@ cmp (void) /* Insert sentinels for the block compare. */ buf0[read0] = ~buf1[read0]; buf1[read1] = ~buf0[read1]; + memset (buf0 + read0 + 1, 0, sizeof (word) - read0 % sizeof (word) - 1); + memset (buf1 + read1 + 1, 0, sizeof (word) - read1 % sizeof (word) - 1); first_diff = block_compare (buffer0, buffer1); } |