From: Hauke Mehrtens Date: Wed, 26 Aug 2015 13:36:58 +0000 (+0200) Subject: OCRepresentation: fix segmentation fault by initializing memory X-Git-Tag: 1.0.0-RC1~69 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0f8b4c4ca03e7d39675901f117f5d79a5daeeeae;p=contrib%2Fiotivity.git OCRepresentation: fix segmentation fault by initializing memory dimensions was not fully initialized, but used by the code, so it could contain arbitrary memory. If this memory was a big number this code could allocate very much memory as this was used to create a 2 or 3 dimensional arrays. This fixes a Segmentation fault seen in normal operation of the garageserver and a invalid memory read and a following segmentation fault seen with valgrind in the garageserver Change-Id: Ifbab3d48b00bd2e3559ca3a8d79336ecf5feef6e Signed-off-by: Hauke Mehrtens Reviewed-on: https://gerrit.iotivity.org/gerrit/2285 Tested-by: jenkins-iotivity Reviewed-by: Jon A. Cruz --- diff --git a/resource/src/OCRepresentation.cpp b/resource/src/OCRepresentation.cpp index f61edb3..70d699e 100644 --- a/resource/src/OCRepresentation.cpp +++ b/resource/src/OCRepresentation.cpp @@ -181,6 +181,8 @@ namespace OC { root_size_calc(); dimensions[0] = arr.size(); + dimensions[1] = 0; + dimensions[2] = 0; dimTotal = calcDimTotal(dimensions); array = (void*)OICMalloc(dimTotal * root_size); @@ -196,6 +198,8 @@ namespace OC { root_size_calc(); dimensions[0] = arr.size(); + dimensions[1] = 0; + dimensions[2] = 0; for(size_t i = 0; i < arr.size(); ++i) { dimensions[1] = std::max(dimensions[1], arr[i].size()); @@ -216,6 +220,8 @@ namespace OC { root_size_calc(); dimensions[0] = arr.size(); + dimensions[1] = 0; + dimensions[2] = 0; for(size_t i = 0; i < arr.size(); ++i) { dimensions[1] = std::max(dimensions[1], arr[i].size());