[Libreoffice-commits] core.git: sw/source

[Caolán McNamara (via logerrit)]

 sw/source/filter/ww8/ww8scan.cxx |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

New commits:
commit 2053a545413e788f6d3fb74e0335f8f2d354a0cc
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Aug 30 16:35:36 2021 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Aug 31 14:44:34 2021 +0200

    ofz: MemorySanitizer: use-of-uninitialized-value
    
    no idea why its like this in the first place, but I'm not
    going to change it decades later, just zero out the uninit
    bytes
    
    Change-Id: Ie5d875523999d465dc167ac4fedcb99d3825ae99
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121363
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index b79881604a8d..cf81cc434560 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -2313,8 +2313,15 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF)
     if (bValid)
     {
         // Pointer to Pos-array
-        pPLCF_PosArray.reset( new WW8_CP[ ( nPLCF + 3 ) / 4 ] );
+        const size_t nEntries = (nPLCF + 3) / 4;
+        pPLCF_PosArray.reset(new WW8_CP[nEntries]);
         bValid = checkRead(rSt, pPLCF_PosArray.get(), nPLCF);
+        size_t nBytesAllocated = nEntries * sizeof(WW8_CP);
+        if (bValid && nPLCF != nBytesAllocated)
+        {
+            sal_uInt8* pStartBlock = reinterpret_cast<sal_uInt8*>(pPLCF_PosArray.get());
+            memset(pStartBlock + nPLCF, 0, nBytesAllocated - nPLCF);
+        }
     }
 
     if (bValid)