connectivity/source/drivers/macab/MacabRecords.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 87e3e111d24d8a83d4a5c6fcbd99d5d82a4c6771
Author: Dan Williams <d...@ioncontrol.co>
AuthorDate: Tue Sep 16 22:54:03 2025 -0500
Commit: Noel Grandin <noel.gran...@collabora.co.uk>
CommitDate: Wed Sep 17 16:27:19 2025 +0200
connectivity/macab: ensure records array is zero-initialized
When constructing a MacabRecords by passing an existing MacabRecords
object, the new object allocates storage for records but does not copy
them, which is left up to the caller. But if the caller does not copy
records, the 'records' array elements are uninitialized garbage, leading
to a crash when the new MacabRecords object is disposed and those
garbage pointers are freed.
Signed-off-by: Dan Williams <d...@ioncontrol.co>
Change-Id: I6d381e523dd3f252f088bb879e886854ffe0163a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/191058
Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
Tested-by: Jenkins
diff --git a/connectivity/source/drivers/macab/MacabRecords.cxx
b/connectivity/source/drivers/macab/MacabRecords.cxx
index a4f2c61a8b0c..eb812790a4bf 100644
--- a/connectivity/source/drivers/macab/MacabRecords.cxx
+++ b/connectivity/source/drivers/macab/MacabRecords.cxx
@@ -92,7 +92,7 @@ MacabRecords::MacabRecords(const ABAddressBookRef
_addressBook, MacabHeader *_he
*/
MacabRecords::MacabRecords(const MacabRecords *_copy)
: recordsSize(_copy->recordsSize), currentRecord(0),
recordType(kABPersonRecordType),
- header(nullptr), records(new MacabRecord *[recordsSize]),
addressBook(_copy->addressBook),
+ header(nullptr), records(new MacabRecord *[recordsSize]()),
addressBook(_copy->addressBook),
m_sName(_copy->m_sName)
{
/* Variables constructed... */
