author | Tom Sepez <tsepez@chromium.org> | 2017-03-29 12:43:50 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-29 20:17:31 +0000 |
commit | ca825d3abded0dd633857ab56288ceff54858cd8 (patch) | |
tree | 3322fc5020ca02c50c10a6f585bf248022381097 | |
parent | 0cf642f763b1ab8cdb3c52db80cf38e380c82a19 (diff) | |
download | pdfium-ca825d3abded0dd633857ab56288ceff54858cd8.tar.xz |
Fix MSAN uninitialized value report.
Having moved to partition alloc, string buffers are no longer
automatically pre-zeroed (nor should they be, because CFX strings
are implemented without this cycle-wasting assumption in mind).
BUG=705912
Change-Id: Ia0de263076c2a792ab546bd10c37a06b4251e7e2
Reviewed-on: https://pdfium-review.googlesource.com/3292
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
-rw-r--r-- | core/fxcrt/fx_basic_wstring.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/core/fxcrt/fx_basic_wstring.cpp b/core/fxcrt/fx_basic_wstring.cpp index 5cb6a57181..5c0b6ce061 100644 --- a/core/fxcrt/fx_basic_wstring.cpp +++ b/core/fxcrt/fx_basic_wstring.cpp @@ -607,6 +607,13 @@ void CFX_WideString::FormatV(const wchar_t* pFormat, va_list argList) { } GetBuffer(nMaxLen); if (m_pData) { + // In the following two calls, there's always space in the buffer for + // a terminating NUL that's not included in nMaxLen. + // For vswprintf(), MSAN won't untaint the buffer on a truncated write's + // -1 return code even though the buffer is written. Probably just as well + // not to trust the vendor's implementation to write anything anyways. + // See https://crbug.com/705912. + memset(m_pData->m_String, 0, nMaxLen + 1); FXSYS_vswprintf((wchar_t*)m_pData->m_String, nMaxLen + 1, (const wchar_t*)pFormat, argListSave); ReleaseBuffer(); |
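Review bot: the added memset passes nMaxLen + 1 as a byte count, but the buffer it clears is a wchar_t array (the next line casts it to `(wchar_t*)` and hands the same nMaxLen + 1 to FXSYS_vswprintf as a wide-character count), so only the first (nMaxLen + 1) / sizeof(wchar_t) elements are zeroed and the tail of the buffer stays uninitialized, which is exactly the condition the comment and the MSAN report describe. Scale the length by the element size: `memset(m_pData->m_String, 0, (nMaxLen + 1) * sizeof(wchar_t));`. The comment above it would also be clearer if it said outright that this clear is what guarantees a terminating NUL when a vendor vswprintf truncates, returns -1 and writes nothing, since that is the property the following ReleaseBuffer() relies on.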
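The two facts behind the commit message and the memset in the hunk (a freshly allocated wchar_t buffer is not zeroed, and vswprintf reports truncation with a negative return value rather than a count) are easy to see in isolation. The following is an added example, not PDFium code: a stand-in for CFX_WideString::FormatV that fills a stack buffer with 0xFF bytes to imitate a non-zeroed allocation, clears it either the way the patch does (nMaxLen + 1 as a byte count) or scaled by sizeof(wchar_t), then formats into it. The names `format_v`, `clear_mode`, `format_result`, `MAX_ELEMS` and the constructed inputs are all assumptions of this example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Assumed for this demo only: largest n_max + 1 the stand-in buffer holds. */
#define MAX_ELEMS 64

/* How the buffer is cleared before formatting. */
enum clear_mode {
  CLEAR_NONE,     /* left as allocated: non-zeroed, like partition alloc */
  CLEAR_BYTES,    /* memset(buf, 0, n_max + 1): a byte count, as in the patch */
  CLEAR_ELEMENTS  /* memset(buf, 0, (n_max + 1) * sizeof(wchar_t)) */
};

struct format_result {
  int ret;          /* vswprintf's return value: negative when output did not fit */
  size_t zeroed;    /* leading zero elements right after the memset, before formatting */
  int terminated;   /* 1 if an L'\0' exists within the n_max + 1 elements afterwards */
};

/* Count leading L'\0' elements in buf[0..n). */
static size_t leading_zero_elems(const wchar_t *buf, size_t n) {
  size_t i = 0;
  while (i < n && buf[i] == L'\0')
    i++;
  return i;
}

/* Stand-in for FormatV: the buffer has room for n_max wide chars plus a
   terminator, exactly as the patch's comment describes, and vswprintf is
   given n_max + 1 as its wide-character limit. */
struct format_result format_v(size_t n_max, enum clear_mode mode,
                              const wchar_t *fmt, ...) {
  struct format_result r = {0, 0, 0};
  wchar_t buf[MAX_ELEMS];
  va_list ap;

  if (n_max + 1 > MAX_ELEMS) {
    r.ret = -2; /* demo limit exceeded; not a vswprintf result */
    return r;
  }

  /* Imitate a fresh, non-zeroed allocation: every byte is 0xFF. */
  memset(buf, 0xFF, sizeof buf);

  if (mode == CLEAR_BYTES)
    memset(buf, 0, n_max + 1);                      /* short by a factor of sizeof(wchar_t) */
  else if (mode == CLEAR_ELEMENTS)
    memset(buf, 0, (n_max + 1) * sizeof(wchar_t));  /* all n_max + 1 elements */

  r.zeroed = leading_zero_elems(buf, n_max + 1);

  va_start(ap, fmt);
  /* C99 7.24.2.9: returns the count written, or a negative value if n_max + 1
     or more wide characters were requested; the count is not recoverable. */
  r.ret = vswprintf(buf, n_max + 1, fmt, ap);
  va_end(ap);

  r.terminated = wmemchr(buf, L'\0', n_max + 1) != NULL;
  return r;
}
```

With n_max = 7 the byte-count clear zeroes only 8 / sizeof(wchar_t) elements (two on a platform with 4-byte wchar_t), while the element-count clear zeroes all eight; and an 11-character string formatted into those eight slots makes vswprintf return a negative value, so nothing about the return code tells the caller how much of the buffer is valid, which is why the pre-clear has to cover the whole buffer.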