pocoproject/poco

Poco::Placeholder initialization uses wrong size

obiltschnig opened this issue · 0 comments

While investigating another fuzzing issue failing with a use of uninitialized memory I noticed that the initialization of the holder array with std::memset() in the constructor seems to be wrong.

The constructor uses:

std::memset(holder, 0, sizeof(Placeholder));

whereas the declaration of holder is:

mutable unsigned char holder[SizeV+1]

So, this should be:

std::memset(holder, 0, SizeV+1);

or, maybe even better:

std::memset(holder, 0, sizeof(holder));

The std::memcmp() in isEmpty() correctly uses SizeV+1.

Furthermore, destruct() also uses sizeof(Placeholder) instead of SizeV+1 or sizeof(holder).

cc @aleks-f