gbranden pushed a commit to branch master
in repository groff.
commit 5a0b75048d8632e747658acd2cce395c0ffdc9ef
Author: G. Branden Robinson <[email protected]>
AuthorDate: Thu Aug 15 10:40:39 2024 -0500
[troff]: Clear heap-allocated array memory.
[troff]: Clear array memory when allocating it from the heap. Prompted
by Lukas Javorsky's static-analysis-driven report in Savannah #66081.
* src/roff/troff/env.cpp (override_sizes, tab_stops::to_string)
(add_hyphenation_exceptions, hyphen_trie::insert_hyphenation):
* src/roff/troff/input.cpp (read_long_escape_parameters, token::next)
(do_get_long_name, get_delimited_name, pipe_source, read_string)
(pipe_output, open_macro_package, do_register_assignment)
(do_string_assignment, copy_mode_error): Do it.
---
ChangeLog | 14 ++++++++++++++
src/roff/troff/env.cpp | 10 ++++++++--
src/roff/troff/input.cpp | 47 ++++++++++++++++++++++++++++++++++++++++-------
3 files changed, 62 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f3a98cd1d..dd8530464 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2024-08-15 G. Branden Robinson <[email protected]>
+
+ [troff]: Clear array memory when allocating it from the heap.
+ Prompted by Lukas Javorsky's static-analysis-driven report in
+ Savannah #66081.
+
+ * src/roff/troff/env.cpp (override_sizes, tab_stops::to_string)
+ (add_hyphenation_exceptions, hyphen_trie::insert_hyphenation):
+ * src/roff/troff/input.cpp (read_long_escape_parameters)
+ (token::next, do_get_long_name, get_delimited_name, pipe_source)
+ (read_string, pipe_output, open_macro_package)
+ (do_register_assignment, do_string_assignment, copy_mode_error):
+ Do it.
+
2024-08-15 G. Branden Robinson <[email protected]>
[troff]: Fix code style nits.
diff --git a/src/roff/troff/env.cpp b/src/roff/troff/env.cpp
index d8e51fade..ee4840b93 100644
--- a/src/roff/troff/env.cpp
+++ b/src/roff/troff/env.cpp
@@ -1343,7 +1343,8 @@ void override_sizes()
}
if (i + 2 > n) {
int *old_sizes = sizes;
- sizes = new int[n * 2];
+ sizes = new int[n * 2]; // C++03: new int[n * 2]();
+ (void) memset(sizes, 0, (n * 2 * sizeof(int)));
memcpy(sizes, old_sizes, (n * sizeof(int)));
n *= 2;
delete[] old_sizes;
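Review bot: In override_sizes the added memset clears all `n * 2` elements, but the memcpy on the next line immediately overwrites the first `n`, so only the upper half of the new array was ever left indeterminate. Clearing just that tail after the copy, `(void) memset(sizes + n, 0, (n * sizeof(int)));`, says exactly which region the fix is for and avoids writing the lower half twice. The grow paths in read_long_escape_parameters, do_get_long_name, get_delimited_name, pipe_source and read_string have the same shape. The function body continues outside this hunk.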
@@ -2764,7 +2765,8 @@ const char *tab_stops::to_string()
if (buf)
delete[] buf;
buf_size = need;
- buf = new char[buf_size];
+ buf = new char[buf_size]; // C++03: new char[buf_size]();
+ (void) memset(buf, 0, buf_size * sizeof(char));
}
char *ptr = buf;
for (p = initial_list; p; p = p->next) {
@@ -3666,7 +3668,9 @@ static void add_hyphenation_exceptions()
if (i > 0) {
pos[npos] = 0;
buf[i] = '\0';
+ // C++03: new unsigned char[npos + 1]();
unsigned char *tem = new unsigned char[npos + 1];
+ (void) memset(tem, 0, ((npos + 1) * sizeof(unsigned char)));
memcpy(tem, pos, npos + 1);
tem = static_cast<unsigned char *>
(current_language->exceptions.lookup(symbol(buf), tem));
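Review bot: In add_hyphenation_exceptions the added memset clears `npos + 1` bytes and the memcpy on the following line writes the same `npos + 1` bytes, so the clear has no observable effect and nothing in `tem` was uninitialized at this site. The same holds in hyphen_trie::insert_hyphenation, and in do_register_assignment and do_string_assignment, where `memcpy(buf, s, p - s)` plus `buf[p - s] = 0` already cover the whole allocation. If the call is kept for uniformity with the other sites, a short comment such as `// memcpy below fills all npos + 1 bytes; cleared for consistency only` would stop a later reader from assuming there was a real uninitialized read here.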
@@ -3826,7 +3830,9 @@ void hyphen_trie::insert_hyphenation(dictionary *ex,
const char *pat,
if (i > 0) {
pos[npos] = 0;
buf[i] = '\0';
+ // C++03: new unsigned char[npos + 1]();
unsigned char *tem = new unsigned char[npos + 1];
+ (void) memset(tem, 0, ((npos + 1) * sizeof(unsigned char)));
memcpy(tem, pos, npos + 1);
tem = static_cast<unsigned char *>(ex->lookup(symbol(buf), tem));
if (0 /* nullptr */ == tem)
diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
index b2c5bfdcd..e7de7da26 100644
--- a/src/roff/troff/input.cpp
+++ b/src/roff/troff/input.cpp
@@ -987,13 +987,17 @@ static symbol read_long_escape_parameters(read_mode mode)
break;
if (i + 2 > buf_size) {
if (buf == abuf) {
+ // C++03: new char[ABUF_SIZE * 2]();
buf = new char[ABUF_SIZE * 2];
+ (void) memset(buf, 0, (ABUF_SIZE * 2 * sizeof(char)));
memcpy(buf, abuf, buf_size);
buf_size = ABUF_SIZE * 2;
}
else {
char *old_buf = buf;
+ // C++03: new char[buf_size * 2]();
buf = new char[buf_size * 2];
+ (void) memset(buf, 0, (buf_size * 2 * sizeof(char)));
memcpy(buf, old_buf, buf_size);
buf_size *= 2;
delete[] old_buf;
@@ -2451,7 +2455,10 @@ void token::next()
if (groff_gn)
nm = symbol(groff_gn);
else {
+ // C++03: new char[strlen(gn) + 1 + 1]();
char *buf = new char[strlen(gn) + 1 + 1];
+ (void) memset(buf, 0,
+ (strlen(gn) + 1 + 1) * sizeof(char));
strcpy(buf, "u");
strcat(buf, gn);
nm = symbol(buf);
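Review bot: The allocation size in token::next is now written out twice, once in `new char[strlen(gn) + 1 + 1]` and again in the memset length. A later edit that changes one expression and misses the other would make memset write past the end of `buf`, or leave part of it uncleared. Computing it once keeps the two in step and avoids the extra strlen pass: `const size_t buf_len = strlen(gn) + 1 + 1;`, then `new char[buf_len]` and `memset(buf, 0, buf_len)`. The same duplication appears in pipe_output, both allocations in open_macro_package, and copy_mode_error.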
@@ -2732,13 +2739,17 @@ static symbol do_get_long_name(bool required, char
end_char)
// If `end_char` != `\0` we normally have to append a null byte.
if (i + 2 > buf_size) {
if (buf == abuf) {
+ // C++03: new char[ABUF_SIZE * 2]();
buf = new char[ABUF_SIZE * 2];
+ (void) memset(buf, 0, (ABUF_SIZE * 2 * sizeof(char)));
memcpy(buf, abuf, (buf_size * sizeof(char)));
buf_size = ABUF_SIZE * 2;
}
else {
char *old_buf = buf;
+ // C++03: new char[buf_size * 2]();
buf = new char[buf_size * 2];
+ (void) memset(buf, 0, (buf_size * 2 * sizeof(char)));
memcpy(buf, old_buf, (buf_size * sizeof(char)));
buf_size *= 2;
delete[] old_buf;
@@ -5362,13 +5373,17 @@ static symbol get_delimited_name()
for (;;) {
if (i + 1 > buf_size) {
if (buf == abuf) {
+ // C++03: new char[ABUF_SIZE * 2]();
buf = new char[ABUF_SIZE * 2];
+ (void) memset(buf, 0, (ABUF_SIZE * 2 * sizeof(char)));
memcpy(buf, abuf, buf_size);
buf_size = ABUF_SIZE * 2;
}
else {
char *old_buf = buf;
+ // C++03: new char[buf_size * 2]();
buf = new char[buf_size * 2];
+ (void) memset(buf, 0, (buf_size * 2 * sizeof(char)));
memcpy(buf, old_buf, buf_size);
buf_size *= 2;
delete[] old_buf;
@@ -6258,7 +6273,8 @@ void pipe_source()
while ((c = get_copy(0)) == ' ' || c == '\t')
;
size_t buf_size = 24;
- char *buf = new char[buf_size];
+ char *buf = new char[buf_size]; // C++03: new char[buf_size]();
+ (void) memset(buf, 0, (buf_size * sizeof(char)));
size_t buf_used = 0;
for (; c != '\n' && c != EOF; c = get_copy(0)) {
const char *s = asciify(c);
@@ -6267,7 +6283,8 @@ void pipe_source()
char *old_buf = buf;
size_t old_buf_size = buf_size;
buf_size *= 2;
- buf = new char[buf_size];
+ buf = new char[buf_size]; // C++03: new char[buf_size]();
+ (void) memset(buf, 0, (buf_size * sizeof(char)));
memcpy(buf, old_buf, old_buf_size);
delete[] old_buf;
}
@@ -7878,7 +7895,8 @@ void abort_request()
char *read_string()
{
int len = 256;
- char *s = new char[len];
+ char *s = new char[len]; // C++03: new char[len]();
+ (void) memset(s, 0, (len * sizeof(char)));
int c;
while ((c = get_copy(0)) == ' ')
;
@@ -7887,7 +7905,8 @@ char *read_string()
if (!is_invalid_input_char(c)) {
if (i + 2 > len) {
char *tem = s;
- s = new char[len * 2];
+ s = new char[len * 2]; // C++03: new char[len * 2]();
+ (void) memset(s, 0, (len * 2 * sizeof(char)));
memcpy(s, tem, len);
len *= 2;
delete[] tem;
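Review bot: read_string tracks its capacity in `int len`, so `len * 2` in both the new-expression and the added memset length is signed arithmetic that is only converted to size_t afterwards. pipe_source, touched by this same commit, uses `size_t buf_size` for the same doubling scheme. For input long enough to double `len` past INT_MAX the multiplication overflows before the conversion. Declaring `size_t len = 256;` would bring the two functions in line, though the comparison `i + 2 > len` then needs the type of `i` checked, and its declaration is outside the visible hunks.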
@@ -7922,7 +7941,10 @@ void pipe_output()
error("cannot apply pipe request to empty command");
// Are we adding to an existing pipeline?
if (pipe_command != 0 /* nullptr */) {
+ // C++03: new char[strlen(pipe_command) + strlen(pc) + 1 + 1]();
char *s = new char[strlen(pipe_command) + strlen(pc) + 1 + 1];
+ (void) memset(s, 0, ((strlen(pipe_command) + strlen(pc) + 1 + 1)
+ * sizeof(char)));
strcpy(s, pipe_command);
strcat(s, "|");
strcat(s, pc);
@@ -8100,7 +8122,10 @@ static void parse_output_page_list(char *p)
static FILE *open_macro_package(const char *mac, char **path)
{
// Try `mac`.tmac first, then tmac.`mac`. Expect ENOENT errors.
+ // C++03: new char[strlen(mac) + strlen(MACRO_POSTFIX) + 1]();
char *s1 = new char[strlen(mac) + strlen(MACRO_POSTFIX) + 1];
+ (void) memset(s1, 0, ((strlen(mac) + strlen(MACRO_POSTFIX) + 1)
+ * sizeof(char)));
strcpy(s1, mac);
strcat(s1, MACRO_POSTFIX);
FILE *fp = mac_path->open_file(s1, path);
@@ -8108,7 +8133,10 @@ static FILE *open_macro_package(const char *mac, char
**path)
error("cannot open macro file '%1': %2", s1, strerror(errno));
delete[] s1;
if (0 /* nullptr */ == fp) {
+ // C++03: new char[strlen(mac) + strlen(MACRO_PREFIX) + 1]();
char *s2 = new char[strlen(mac) + strlen(MACRO_PREFIX) + 1];
+ (void) memset(s2, 0, ((strlen(mac) + strlen(MACRO_PREFIX) + 1)
+ * sizeof(char)));
strcpy(s2, MACRO_PREFIX);
strcat(s2, mac);
fp = mac_path->open_file(s2, path);
@@ -8232,7 +8260,8 @@ static void do_register_assignment(const char *s)
set_register(buf, n);
}
else {
- char *buf = new char[p - s + 1];
+ char *buf = new char[p - s + 1]; // C++03: new char[p - s + 1]();
+ (void) memset(buf, 0, ((p - s + 1) * sizeof(char)));
memcpy(buf, s, p - s);
buf[p - s] = 0;
units n;
@@ -8261,7 +8290,8 @@ static void do_string_assignment(const char *s)
set_string(buf, s + 1);
}
else {
- char *buf = new char[p - s + 1];
+ char *buf = new char[p - s + 1]; // C++03: new char[p - s + 1]();
+ (void) memset(buf, 0, ((p - s + 1) * sizeof(char)));
memcpy(buf, s, p - s);
buf[p - s] = 0;
set_string(buf, p + 1);
@@ -9044,7 +9074,10 @@ static void copy_mode_error(const char *format,
{
if (ignoring) {
static const char prefix[] = "(in ignored input) ";
- char *s = new char[sizeof(prefix) + strlen(format)];
+ // C++03: new char[sizeof prefix + strlen(format)]();
+ char *s = new char[sizeof prefix + strlen(format)];
+ (void) memset(s, 0, (sizeof prefix + (strlen(format)
+ * sizeof(char))));
strcpy(s, prefix);
strcat(s, format);
warning(WARN_IG, s, arg1, arg2, arg3);