From 1aa7ccfca49d6e1d41974d4ddc30da9e5fef017e Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Sun, 25 Jul 2021 19:27:16 -0700
Subject: cmp: avoid reading uninitialized memory

When comparing buffers a word at a time, cmp could read up to sizeof (word) - 1 uninitialized bytes.

* src/cmp.c (cmp): Set not just a single guaranteed-differing sentinel byte just beyond any final read byte, but also ensure that any following bytes are defined, if those may be read via block_compare's word-at-a-time comparison.

Reported by Bruno Haible in https://lists.gnu.org/r/diffutils-devel/2021-07/msg00003.html
---
 src/cmp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cmp.c b/src/cmp.c
index e2d6f25..de67f92 100644
--- a/src/cmp.c
+++ b/src/cmp.c
@@ -459,6 +459,8 @@ cmp (void)
       /* Insert sentinels for the block compare. */
       buf0[read0] = ~buf1[read0];
       buf1[read1] = ~buf0[read1];
+      memset (buf0 + read0 + 1, 0, sizeof (word) - read0 % sizeof (word) - 1);
+      memset (buf1 + read1 + 1, 0, sizeof (word) - read1 % sizeof (word) - 1);
 
       first_diff = block_compare (buffer0, buffer1);
     }
--
cgit v1.2.1
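Review bot: The two added memset calls encode two preconditions that nothing in the hunk documents or checks: the length `sizeof (word) - readN % sizeof (word) - 1` only reaches the end of the word containing the sentinel if buf0/buf1 are word-aligned, and writing through to that word boundary requires the buffers to have at least sizeof (word) bytes of slack beyond the last byte read (presumably guaranteed by the allocation elsewhere in cmp — worth confirming rather than assuming). I would add, above the first memset, `/* block_compare reads whole words, so every byte of the word holding the sentinel must be defined; the buffers are word-aligned and carry sizeof (word) bytes of slack past the data.  */`. A residual point the commit does not address: `buf0[read0] = ~buf1[read0]` on the context line still reads buf1[read0], which may itself be uninitialized when read1 < read0 and read0 lies in a later word than read1's zeroed tail; it does not affect the result, since the earlier sentinel at read1 is found first, but MSan or valgrind may still report it. The enclosing function cmp starts and ends outside the hunk.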