0006-pgrep: Initialize the cmd*[] stack buffers.

Otherwise (for example), if the (undocumented) opt_echo is set, but not opt_long, and not opt_longlong, and not opt_pattern, there is a call to xstrdup(cmdoutput) but cmdoutput was never initialized: sleep 60 & echo "$!" > pidfile env -i LD_DEBUG=`perl -e 'print "A" x 131000'` pkill -e -c -F pidfile | xxd ... 000001c0: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA 000001d0: 4141 4141 4141 4141 fcd4 e6bd e47f 206b AAAAAAAA...... k 000001e0: 696c 6c65 6420 2870 6964 2031 3230 3931 illed (pid 12091 000001f0: 290a 310a ).1. [1]+ Terminated sleep 60 (the LD_DEBUG is just a trick to fill the initial stack with non-null bytes, to show that there is uninitialized data from the stack in the output; here, an address "fcd4 e6bd e47f")
author: Qualys Security Advisory <qsa@qualys.com> 1970-01-01 00:00:00 +0000
committer: Craig Small <csmall@enc.com.au> 2018-06-23 21:59:14 +1000
commit: 8e6d11a928f8f6654a18f3f50b7203a0fa82665a (patch)
tree: fd2b87192e19f38da6ed43f8de6d07c6f7cfee38 /pgrep.c
parent: ac855877738e94cf1c9dd1a6a15ac7c0d06cf5db (diff)
download: procps-ng-8e6d11a928f8f6654a18f3f50b7203a0fa82665a.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/pgrep.c b/pgrep.c
index 5093e3d..6c70112 100644
--- a/pgrep.c
+++ b/pgrep.c
@@ -492,8 +492,8 @@ static struct el * select_procs (int *num)
     regex_t *preg;
     pid_t myself = getpid();
     struct el *list = NULL;
-    char cmdsearch[CMDSTRSIZE];
-    char cmdoutput[CMDSTRSIZE];
+    char cmdsearch[CMDSTRSIZE] = "";
+    char cmdoutput[CMDSTRSIZE] = "";
     char *task_cmdline;
     enum pids_fetch_type which;
author	Qualys Security Advisory <qsa@qualys.com>	1970-01-01 00:00:00 +0000
committer	Craig Small <csmall@enc.com.au>	2018-06-23 21:59:14 +1000
commit	8e6d11a928f8f6654a18f3f50b7203a0fa82665a (patch)
tree	fd2b87192e19f38da6ed43f8de6d07c6f7cfee38 /pgrep.c
parent	ac855877738e94cf1c9dd1a6a15ac7c0d06cf5db (diff)
download	procps-ng-8e6d11a928f8f6654a18f3f50b7203a0fa82665a.tar.gz