sw/source/filter/ww8/ww8scan.cxx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
New commits: commit 2053a545413e788f6d3fb74e0335f8f2d354a0cc Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Aug 30 16:35:36 2021 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Tue Aug 31 14:44:34 2021 +0200 ofz: MemorySanitizer: use-of-uninitialized-value no idea why its like this in the first place, but I'm not going to change it decades later, just zero out the uninit bytes Change-Id: Ie5d875523999d465dc167ac4fedcb99d3825ae99 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121363 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index b79881604a8d..cf81cc434560 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -2313,8 +2313,15 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF)
 if (bValid)
 {
 // Pointer to Pos-array
- pPLCF_PosArray.reset( new WW8_CP[ ( nPLCF + 3 ) / 4 ] );
+ const size_t nEntries = (nPLCF + 3) / 4;
+ pPLCF_PosArray.reset(new WW8_CP[nEntries]);
 bValid = checkRead(rSt, pPLCF_PosArray.get(), nPLCF);
+ size_t nBytesAllocated = nEntries * sizeof(WW8_CP);
+ if (bValid && nPLCF != nBytesAllocated)
+ {
+ sal_uInt8* pStartBlock = reinterpret_cast<sal_uInt8*>(pPLCF_PosArray.get());
+ memset(pStartBlock + nPLCF, 0, nBytesAllocated - nPLCF);
+ }
 }
 if (bValid)
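Review bot: The length passed to `memset`, `nBytesAllocated - nPLCF`, is only safe while `nBytesAllocated >= nPLCF`, and the guard `nPLCF != nBytesAllocated` does not establish that. It holds only if `nPLCF + 3` does not wrap in `sal_uInt32` and `sizeof(WW8_CP)` equals the hard-coded divisor `4`. `nPLCF` is presumably a length derived from the document being imported, and whatever bounds it when `bValid` is first computed lies outside this hunk, as do the start and end of `ReadPLCF`. Writing the guard as `if (bValid && nPLCF < nBytesAllocated)` and dividing by `sizeof(WW8_CP)` instead of `4` would keep the subtraction from underflowing regardless of the earlier checks. A one-line comment above the block, e.g. `// zero the padding bytes of the last, partially read WW8_CP`, would also record why the tail is cleared.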