Update of bug #66081 (group groff):

                  Status:             In Progress => Fixed
             Open/Closed:                    Open => Closed
         Planned Release:                    None => 1.24.0
_______________________________________________________

Follow-up Comment #1:

Hi Lukas,

I goofed the commit message on this one, and forgot to mark you as the author. Sorry about that. The ChangeLog is correct.

Also, I altered the patch anyway, to use a C++98-compatible form of initialization--[https://en.cppreference.com/w/cpp/language/history direct initialization didn't come into the language standard until C++03].

commit c77f59e32339183d887300e3198707e4e4ad06dc
Author: G. Branden Robinson <g.branden.robin...@gmail.com>
Date:   Wed Aug 14 15:25:00 2024 -0500

    [troff]: Fix Savannah #66081.

    * src/roff/troff/env.cpp (override_sizes): Zero out heap-allocated
      memory prior to use. If `strtok()` returns a null pointer, we break
      early from the `for` loop before populating it. The only other case
      where we break out of the loop is when `lower` is 0, and we do so
      only after adding this 0 to `sizes`. Since this memory is then
      passed to `font_size::init_size_table()`, which uses a zero integer
      to detect the end of the list, we could then access uninitialized
      memory.

      [The user is not required to supply a zero argument to the `sizes`
      request. I also revised the patch to use memset(3) instead of (an
      empty) value initializer, which is a C++03 feature. --GBR]

    Fixes <https://savannah.gnu.org/bugs/?66081>.

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66081>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
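As an added example, not groff's own code: the pattern the commit message describes, a `strtok()` loop filling a heap-allocated array that a consumer walks until it finds a zero, written in C++98 with the `memset(3)` zeroing so the terminator is present even when the user omits the trailing 0. The function names (`parse_sizes`, `count_sizes`) and the 16-int starting capacity are assumptions for this illustration.

```cpp
#include <cstdio>
#include <cstring>

// Parse a whitespace-separated list of point sizes or "lo-hi" ranges into a
// heap-allocated array of (lower, upper) pairs, terminated by a 0.  Returns
// NULL on a malformed token; the caller releases the array with delete[].
int *parse_sizes(const char *input)
{
  size_t n = 16;                         // capacity, in ints (assumed)
  int *sizes = new int[n];
  // The fix from the commit: zero the buffer (C++98-compatible, unlike
  // `new int[n]()`), so a 0 terminator exists even if the loop below exits
  // before writing one.
  memset(sizes, 0, n * sizeof(int));
  char *buf = new char[strlen(input) + 1]; // strtok() modifies its argument
  strcpy(buf, input);
  size_t i = 0;
  for (char *p = strtok(buf, " \t"); p != NULL; p = strtok(NULL, " \t")) {
    int lower, upper;
    switch (sscanf(p, "%d-%d", &lower, &upper)) {
    case 1: upper = lower; break;        // single size
    case 2: break;                       // range
    default: delete[] buf; delete[] sizes; return NULL;
    }
    if (lower < 0 || lower > upper) { delete[] buf; delete[] sizes; return NULL; }
    if (i + 3 > n) {                     // room for this pair plus the terminator
      int *grown = new int[n * 2];
      memset(grown, 0, n * 2 * sizeof(int));
      memcpy(grown, sizes, n * sizeof(int));
      delete[] sizes;
      sizes = grown;
      n *= 2;
    }
    sizes[i++] = lower;
    if (lower == 0)                      // explicit terminator supplied by the user
      break;
    sizes[i++] = upper;
  }
  delete[] buf;
  return sizes;
}

// Consumer in the style of a size-table initializer: walk pairs until the 0.
// With an unzeroed buffer and no trailing 0 this would read uninitialized memory.
size_t count_sizes(const int *sizes)
{
  size_t pairs = 0;
  while (sizes[2 * pairs] != 0)
    ++pairs;
  return pairs;
}
```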