From 667328994494906755076f6fddaa53b1169ad110 Mon Sep 17 00:00:00 2001
From: Schaich
Date: Mon, 14 Jun 2021 22:37:25 +0900
Subject: [PATCH] Initialize local variable

In `aztec_text_process`, `binary_string`, which aliases to `aztec`'s
`bit_pattern`, has its first element set to NUL. However, when the string
is later written into using `bin_append_posn`, that NUL is overwritten and
a further NUL to replace it is not appended.

In general, the garbage collected memory content should never be assumed
to have a specific value unless a value was explicitly assigned, so the
content of `bit_pattern` cannot be safely assumed to be NUL.

If the string is not NUL terminated, functions relying on NUL termination,
such as the printf call at the end of `aztec_text_process` itself, will
overrun the array bounds.

Explicitly initialize `bit_pattern`
--- backend/aztec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/aztec.c b/backend/aztec.c index e6459f74..51bbb532 100644 --- a/backend/aztec.c +++ b/backend/aztec.c @@ -852,6 +852,7 @@ INTERNAL int aztec(struct zint_symbol *symbol, unsigned char source[], int lengt #endif memset(adjusted_string, 0, AZTEC_MAX_CAPACITY); + memset(bit_pattern, 0, AZTEC_MAP_POSN_MAX + 1); if ((symbol->input_mode & 0x07) == GS1_MODE) { gs1 = 1;
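Review bot: The added `memset(bit_pattern, 0, AZTEC_MAP_POSN_MAX + 1);` hard-codes the length, and the declaration of `bit_pattern` is outside this hunk, so nothing visible here shows that the length matches the allocation. The hunk sits directly after an `#endif`, so please check every conditional variant of the declaration and confirm each one is exactly `AZTEC_MAP_POSN_MAX + 1` bytes; defining that size once and using it for both the declaration and the memset would keep them from drifting apart. Separately, the commit message locates the defect in `bin_append_posn` overwriting the terminator without writing a new one. Zero-filling the buffer keeps the string terminated only while the appended data stops short of the last byte, so it would be more robust to also write the terminator explicitly in `aztec_text_process` after the final append. A regression test run under a memory sanitizer would document the overrun this patch is meant to prevent.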