initialize null terminator of new printbuf #239
Merged
It's possible (e.g. by using json_object_from_file() on an empty file)
to get json-c to try to use a printbuf that has never had anything
written to it. Before this change, it could access a string that
should be length zero, but was never initialized, and could
theoretically have an unexpected string.
I ran into this while using valgrind on an application's tests that sometimes
specified an empty json configuration file. So I guess the main motivation of
this PR is to shut up valgrind :)
But, I was able to come up with a sort of proof-of-concept of actual harm from the bug:
EDIT: tweaked example code loop counts to make the trick work on more systems
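
The bug class described above, as an added example that is not the PR author's proof-of-concept and not json-c's source: a simplified model of a print buffer whose storage is never written before a consumer reads it as a C string. The names `toy_printbuf`, `dirty_alloc` and `visible_length` are hypothetical, and a static array with constructed contents stands in for recycled heap memory so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a growable print buffer (hypothetical, not json-c's code). */
struct toy_printbuf {
    char *buf;
    int bpos;   /* bytes written so far */
    int size;   /* capacity of buf */
};

/* Constructed stand-in for a recycled heap block: malloc() promises nothing
 * about the contents it returns, so model a block still holding old bytes.
 * A static array keeps this free of undefined behaviour. */
static char recycled_block[32];

static char *dirty_alloc(void)
{
    memset(recycled_block, 0, sizeof recycled_block);
    strcpy(recycled_block, "stale-data-from-earlier-use"); /* constructed sample */
    return recycled_block;
}

/* Before the fix: storage is obtained but nothing is written to it. */
static void toy_printbuf_init_unfixed(struct toy_printbuf *p)
{
    p->size = (int)sizeof recycled_block;
    p->bpos = 0;
    p->buf = dirty_alloc();
}

/* After the fix: a new buffer is an empty C string from the start. */
static void toy_printbuf_init_fixed(struct toy_printbuf *p)
{
    toy_printbuf_init_unfixed(p);
    p->buf[0] = '\0';
}

/* A consumer that reads buf as a C string although bpos is still 0,
 * which is the empty-input case the description mentions. */
size_t visible_length(int fixed)
{
    struct toy_printbuf p;
    if (fixed) toy_printbuf_init_fixed(&p); else toy_printbuf_init_unfixed(&p);
    return strlen(p.buf);
}

int main(void)
{
    printf("unfixed: %zu bytes visible, fixed: %zu bytes visible\n",
           visible_length(0), visible_length(1));
    return 0;
}
```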