From e5975a70e8e03e58f102e8e238143d22cd4d1ed5 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Thu, 21 Jun 2018 23:05:05 +0200 Subject: os/io.c: fix unitialised bytes ... by implementing some kind of recalloc (mix of realloc and calloc). Fixes this valgrind finding: ==7061== Syscall param writev(vector[...]) points to uninitialised byte(s) ==7061== at 0x781EFE0: __writev_nocancel (syscall-template.S:84) ==7061== by 0x488974: _XSERVTransSocketWritev (Xtranssock.c:2914) ==7061== by 0x47DBD3: FlushClient (io.c:1080) ==7061== by 0x47DBD3: FlushAllOutput.part.0 (io.c:817) ==7061== by 0x477304: WaitForSomething (WaitFor.c:246) ==7061== by 0x434369: Dispatch (NXdispatch.c:360) ==7061== by 0x40EB92: main (main.c:353) ==7061== Address 0x102106f3 is 50,211 bytes inside a block of size 54,308 alloc'd ==7061== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7061== by 0x47F08F: FlushClient (io.c:1123) ==7061== by 0x47F307: WriteToClient (io.c:991) ==7061== by 0x42903C: doListFontsAndAliases (NXdixfonts.c:660) ==7061== by 0x42B7D6: ListFonts (NXdixfonts.c:735) ==7061== by 0x433A6D: ProcListFonts (NXdispatch.c:989) ==7061== by 0x4344A5: Dispatch (NXdispatch.c:482) ==7061== by 0x40EB92: main (main.c:353) ==7061== Uninitialised value was created by a heap allocation ==7061== at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7061== by 0x47F08F: FlushClient (io.c:1123) ==7061== by 0x47F307: WriteToClient (io.c:991) ==7061== by 0x42903C: doListFontsAndAliases (NXdixfonts.c:660) ==7061== by 0x42B7D6: ListFonts (NXdixfonts.c:735) ==7061== by 0x433A6D: ProcListFonts (NXdispatch.c:989) ==7061== by 0x4344A5: Dispatch (NXdispatch.c:482) ==7061== by 0x40EB92: main (main.c:353) ==7061== --- nx-X11/programs/Xserver/os/io.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'nx-X11/programs/Xserver/os') 
diff --git a/nx-X11/programs/Xserver/os/io.c b/nx-X11/programs/Xserver/os/io.c
index 07399438e..6eeee349a 100644
--- a/nx-X11/programs/Xserver/os/io.c
+++ b/nx-X11/programs/Xserver/os/io.c
@@ -1120,7 +1120,12 @@ FlushClient(ClientPtr who, OsCommPtr oc, const void *__extraBuf, int extraCount)
 unsigned char *obuf = NULL;
 if (notWritten + BUFSIZE <= INT_MAX) {
- obuf = realloc(oco->buf, notWritten + BUFSIZE);
+ obuf = calloc(1, notWritten + BUFSIZE);
+ if (obuf)
+ {
+ memmove(obuf, oco->buf, oco->size);
+ free(oco->buf);
+ }
 }
 if (!obuf) {
-- cgit v1.2.3
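Review bot: The added `memmove(obuf, oco->buf, oco->size);` is in bounds only if `oco->size` never exceeds `notWritten + BUFSIZE`, and nothing in the hunk establishes that. Presumably the enclosing branch of FlushClient, which starts and ends outside the hunk, is taken only when the pending data has outgrown the buffer; if so, say it next to the copy, e.g. `/* grow path only: oco->size < notWritten + BUFSIZE, so the copy fits */`. The fresh allocation cannot overlap the old buffer, so `memcpy` states the intent more precisely than `memmove`. Keeping `realloc` and zeroing only the new tail with `memset(obuf + oco->size, 0, notWritten + BUFSIZE - oco->size);` would give the same result without writing the whole buffer twice. A one-line comment that the zero fill exists so stale heap bytes are never handed to writev() and sent to the client would keep a later cleanup from reverting this to a plain `realloc`.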