dimensions was not fully initialized, but used by the code, so it could
contain arbitrary memory. If this memory was a big number this code
could allocate very much memory as this was used to create a 2 or 3
dimensional arrays.
This fixes a Segmentation fault seen in normal operation of the
garageserver and a invalid memory read and a following segmentation
fault seen with valgrind in the garageserver
Change-Id: Ifbab3d48b00bd2e3559ca3a8d79336ecf5feef6e
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/2285
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>
{
root_size_calc<T>();
dimensions[0] = arr.size();
+ dimensions[1] = 0;
+ dimensions[2] = 0;
dimTotal = calcDimTotal(dimensions);
array = (void*)OICMalloc(dimTotal * root_size);
{
root_size_calc<T>();
dimensions[0] = arr.size();
+ dimensions[1] = 0;
+ dimensions[2] = 0;
for(size_t i = 0; i < arr.size(); ++i)
{
dimensions[1] = std::max(dimensions[1], arr[i].size());
{
root_size_calc<T>();
dimensions[0] = arr.size();
+ dimensions[1] = 0;
+ dimensions[2] = 0;
for(size_t i = 0; i < arr.size(); ++i)
{
dimensions[1] = std::max(dimensions[1], arr[i].size());