authorJim Meyering <meyering@fb.com>2021-07-25 19:27:16 -0700
committerJim Meyering <meyering@fb.com>2021-07-31 21:37:15 -0700
commit8d941fc5ad30a116841db2d72e80769c1756033c (patch)
tree039cb71f97abbaf53e8a1ed1407f380a34c9cda0
parentcae1a3d2578e3bc8473cb85b1b453d59640626d8 (diff)
downloaddiffutils-8d941fc5ad30a116841db2d72e80769c1756033c.tar.gz
cmp: avoid reading uninitialized memory
[This *is* useful, so reapply. ] When comparing buffers a word at a time, cmp could read up to sizeof (word) - 1 uninitialized bytes. * src/cmp.c (cmp): Set not just a single guaranteed-differing sentinel byte just beyond any final read byte, but also ensure that any following bytes are defined, if those may be read via block_compare's word-at-a-time comparison. Reported by Bruno Haible in https://lists.gnu.org/r/diffutils-devel/2021-07/msg00003.html
-rw-r--r--src/cmp.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/cmp.c b/src/cmp.c
index 65a20db..9953d14 100644
--- a/src/cmp.c
+++ b/src/cmp.c
@@ -463,6 +463,11 @@ cmp (void)
buf0[read1] = 0x79; /* arbitrary and distinct from the above */
buf0[read0] = ~buf1[read0];
buf1[read1] = ~buf0[read1];
+ /* Ensure all bytes of a final word-read are initialized. */
+ memset (buf0 + read0 + 1, 0,
+ sizeof (word) - read0 % sizeof (word) - 1);
+ memset (buf1 + read1 + 1, 0,
+ sizeof (word) - read1 % sizeof (word) - 1);
first_diff = block_compare (buffer0, buffer1);
}
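Review bot: The two added memset calls write up to sizeof (word) - 1 bytes past buf0 + read0 and buf1 + read1, and nothing in the hunk shows that each buffer keeps that much slack after a full-size read; the length expression also assumes buf0 and buf1 are word-aligned, so that `read0 % sizeof (word)` is the offset within the final word. Both presumably follow from the buffer allocation, which is outside this hunk, but the invariant is worth stating at the point of the write, e.g. `/* Buffers are word-aligned and extend to a word boundary at least one byte past any read, so these writes stay in bounds. */`. The comment could also note that the first memset may overwrite the 0x79 byte at buf0[read1] when read1 falls in the same word as read0, which looks harmless because buf1[read1] has already been derived from it and buf0[read0] still differs. cmp's body starts and ends outside the hunk.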