diff options
| author | Dan Williams <dan@ioncontrol.co> | 2025-09-16 22:54:03 -0500 |
|---|---|---|
| committer | Noel Grandin <noel.grandin@collabora.co.uk> | 2025-09-17 16:27:19 +0200 |
| commit | 87e3e111d24d8a83d4a5c6fcbd99d5d82a4c6771 (patch) | |
| tree | 4a5beb1f71d26b372f2e2fe047c1e7c50069a9a2 | |
| parent | 4dc20af89779241eeae85f61b32a9b1d85c6da3e (diff) | |
connectivity/macab: ensure records array is zero-initialized
When constructing a MacabRecords by passing an existing MacabRecords
object, the new object allocates storage for records but does not copy
them, which is left up to the caller. But if the caller does not copy
records, the 'records' array elements are uninitialized garbage, leading
to a crash when the new MacabRecords object is disposed and those
garbage pointers are freed.
Signed-off-by: Dan Williams <dan@ioncontrol.co>
Change-Id: I6d381e523dd3f252f088bb879e886854ffe0163a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/191058
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Tested-by: Jenkins
| -rw-r--r-- | connectivity/source/drivers/macab/MacabRecords.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/connectivity/source/drivers/macab/MacabRecords.cxx b/connectivity/source/drivers/macab/MacabRecords.cxx index a4f2c61a8b0c..eb812790a4bf 100644 --- a/connectivity/source/drivers/macab/MacabRecords.cxx +++ b/connectivity/source/drivers/macab/MacabRecords.cxx @@ -92,7 +92,7 @@ MacabRecords::MacabRecords(const ABAddressBookRef _addressBook, MacabHeader *_he */ MacabRecords::MacabRecords(const MacabRecords *_copy) : recordsSize(_copy->recordsSize), currentRecord(0), recordType(kABPersonRecordType), - header(nullptr), records(new MacabRecord *[recordsSize]), addressBook(_copy->addressBook), + header(nullptr), records(new MacabRecord *[recordsSize]()), addressBook(_copy->addressBook), m_sName(_copy->m_sName) { /* Variables constructed... */ |