This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/xerces-c.git
The following commit(s) were added to refs/heads/master by this push:
new ef2e9b4 DFAContentModel::buildDFA(): correctly zero-initialize fFollowList
new 045bdf8 Merge pull request #45 from rouault/fix_wrong_init

ef2e9b4 is described below

commit ef2e9b4b94bef326ff03a9f3e12145317424ce0a
Author: Even Rouault <even.roua...@spatialys.com>
AuthorDate: Mon Dec 20 20:13:02 2021 +0100

DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

Due to a copy&paste issue, the intended zero-initialization of fFollowList wasn't done (copy&paste issue), and thus in case of OutOfMemory exception when initializing the array, the memory freeing in cleanup() could access uninitialized elements.

Follow-up of https://github.com/apache/xerces-c/pull/40 / a65990d79d3fc333d7481f010da4e165a88b6cb3

Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42636

---
src/xercesc/validators/common/DFAContentModel.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xercesc/validators/common/DFAContentModel.cpp b/src/xercesc/validators/common/DFAContentModel.cpp index 6d6b124..856f88f 100644 --- a/src/xercesc/validators/common/DFAContentModel.cpp +++ b/src/xercesc/validators/common/DFAContentModel.cpp @@ -682,7 +682,7 @@ void DFAContentModel::buildDFA(ContentSpecNode* const curNode) ( fLeafCount * sizeof(CMStateSet*) ); //new CMStateSet*[fLeafCount]; - memset(fLeafList, 0, fLeafCount*sizeof(CMStateSet*)); + memset(fFollowList, 0, fLeafCount*sizeof(CMStateSet*)); for (index = 0; index < fLeafCount; index++) fFollowList[index] = new (fMemoryManager) CMStateSet(fLeafCount, fMemoryManager);
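
Review bot: the allocation ending in ( fLeafCount * sizeof(CMStateSet*) ) and the memset on the changed line still spell out the array name and the size expression separately, which is the pattern that let the wrong pointer (fLeafList) go unnoticed. Consider a small allocate-and-zero helper so the target is named once, or at least write the size as fLeafCount * sizeof(*fFollowList) so the element type follows the pointer being cleared. The failure path in the commit message (OutOfMemory raised partway through the for loop that fills fFollowList[index], followed by cleanup()) is not covered by anything in this change; a regression test using a memory manager that throws after a set number of allocations would exercise it and would also catch the same slip in any sibling array that buildDFA() sets up this way. The comment //new CMStateSet*[fLeafCount]; in the context lines is leftover from an earlier form of the allocation and could be dropped or reworded while this code is being touched.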