OCRepresentation: fix segmentation fault by initializing memory

dimensions was not fully initialized, but used by the code, so it could
contain arbitrary memory. If this memory was a big number this code
could allocate very much memory as this was used to create a 2 or 3
dimensional arrays.

This fixes a Segmentation fault seen in normal operation of the
garageserver and a invalid memory read and a following segmentation
fault seen with valgrind in the garageserver

Change-Id: Ifbab3d48b00bd2e3559ca3a8d79336ecf5feef6e
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/2285
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>

diff --git a/resource/src/OCRepresentation.cpp b/resource/src/OCRepresentation.cpp
index f61edb3..70d699e 100644 (file)
--- a/resource/src/OCRepresentation.cpp
+++ b/resource/src/OCRepresentation.cpp
@@ -181,6 +181,8 @@ namespace OC
         {
             root_size_calc<T>();
             dimensions[0] = arr.size();
+            dimensions[1] = 0;
+            dimensions[2] = 0;
             dimTotal = calcDimTotal(dimensions);
 
             array = (void*)OICMalloc(dimTotal * root_size);
@@ -196,6 +198,8 @@ namespace OC
         {
             root_size_calc<T>();
             dimensions[0] = arr.size();
+            dimensions[1] = 0;
+            dimensions[2] = 0;
             for(size_t i = 0; i < arr.size(); ++i)
             {
                 dimensions[1] = std::max(dimensions[1], arr[i].size());
@@ -216,6 +220,8 @@ namespace OC
         {
             root_size_calc<T>();
             dimensions[0] = arr.size();
+            dimensions[1] = 0;
+            dimensions[2] = 0;
             for(size_t i = 0; i < arr.size(); ++i)
             {
                 dimensions[1] = std::max(dimensions[1], arr[i].size());