RFR: 8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179
Weijun Wang
weijun at openjdk.org
Tue Feb 27 17:00:53 UTC 2024
On Tue, 27 Feb 2024 16:36:42 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> Why do you have to set memory to zero? If you really need to, `calloc()` sets memory to zero.
Inside `newGSSCB`, if there is anything wrong before `cb->application_data` is initialized, `deleteGSSCB` will be called and it has
if (cb->application_data.length != 0) {
resetGSSBuffer(&(cb->application_data));
}
Now if `length` is not zero, `resetGSSBuffer` function calls `free` on a buffer.
And yes, `calloc` should also work.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18015#issuecomment-1967126345
More information about the security-dev
mailing list