[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-bluetooth
Subject:    [BlueZ v2 17/20] sdp: Fix use of uninitialised memory
From:       Bastien Nocera <hadess () hadess ! net>
Date:       2024-05-10 12:10:27
Message-ID: 20240510121355.3241456-18-hadess () hadess ! net
[Download RAW message or body]

Error: UNINIT (CWE-457): [#def10] [important]
bluez-5.75/lib/sdp.c:2302:2: alloc_fn: Calling "malloc" which returns uninitialized \
memory. bluez-5.75/lib/sdp.c:2302:2: assign: Assigning: "seqDTDs" = "malloc(seqlen * \
8UL)", which points to uninitialized data. bluez-5.75/lib/sdp.c:2355:2: \
uninit_use_in_call: Using uninitialized value "*seqDTDs" when calling \
"sdp_seq_alloc". 2353|			}
2354|		}
2355|->		seq = sdp_seq_alloc(seqDTDs, seqs, seqlen);
2356|		free(seqDTDs);
2357|		free(seqs);
---
 lib/sdp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/sdp.c b/lib/sdp.c
index 34b0dbb94eb0..d43bbbd2de05 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -2299,7 +2299,7 @@ static sdp_data_t *access_proto_to_dataseq(sdp_record_t *rec, \
sdp_list_t *proto)  sdp_list_t *p;
 
 	seqlen = sdp_list_len(proto);
-	seqDTDs = malloc(seqlen * sizeof(void *));
+	seqDTDs = bt_malloc0(seqlen * sizeof(void *));
 	if (!seqDTDs)
 		return NULL;
 
-- 
2.44.0


[prev in list] [next in list] [prev in thread] [next in thread]