[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-bluetooth
Subject: [BlueZ v2 17/20] sdp: Fix use of uninitialised memory
From: Bastien Nocera <hadess () hadess ! net>
Date: 2024-05-10 12:10:27
Message-ID: 20240510121355.3241456-18-hadess () hadess ! net
[Download RAW message or body]
Error: UNINIT (CWE-457): [#def10] [important]
bluez-5.75/lib/sdp.c:2302:2: alloc_fn: Calling "malloc" which returns uninitialized \
memory. bluez-5.75/lib/sdp.c:2302:2: assign: Assigning: "seqDTDs" = "malloc(seqlen * \
8UL)", which points to uninitialized data. bluez-5.75/lib/sdp.c:2355:2: \
uninit_use_in_call: Using uninitialized value "*seqDTDs" when calling \
"sdp_seq_alloc". 2353| }
2354| }
2355|-> seq = sdp_seq_alloc(seqDTDs, seqs, seqlen);
2356| free(seqDTDs);
2357| free(seqs);
---
lib/sdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sdp.c b/lib/sdp.c
index 34b0dbb94eb0..d43bbbd2de05 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -2299,7 +2299,7 @@ static sdp_data_t *access_proto_to_dataseq(sdp_record_t *rec, \
sdp_list_t *proto) sdp_list_t *p;
seqlen = sdp_list_len(proto);
- seqDTDs = malloc(seqlen * sizeof(void *));
+ seqDTDs = bt_malloc0(seqlen * sizeof(void *));
if (!seqDTDs)
return NULL;
--
2.44.0
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic