From 9dc64621d896d05fcb0e6f45792a307fde130823 Mon Sep 17 00:00:00 2001 From: Lee Shombert Date: Fri, 14 Mar 2025 10:02:08 -0700 Subject: Zero-initialize CursorWindow buffer Zero-initialize mData in CursorWindow::create(). The caller might not fully fill that buffer before sending it to the remote end. It is not necessary to zero-initialize in CursorWindow::createFromParcel(), since the buffer is immediately filled from the far end. Flag: EXEMPT bug-fix Bug: 309407957 Test: atest * libandroidfw_tests * FrameworksCoreTests:android.database * CtsDatabaseTestCases Change-Id: I755240b0e3ba185c01036a5e00c8785d2e1ac11a
---
 libs/androidfw/CursorWindow.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libs/androidfw')
diff --git a/libs/androidfw/CursorWindow.cpp b/libs/androidfw/CursorWindow.cpp
index a592749c5398..6e11d430c5ea 100644
--- a/libs/androidfw/CursorWindow.cpp
+++ b/libs/androidfw/CursorWindow.cpp
@@ -55,7 +55,7 @@ status_t CursorWindow::create(const String8 &name, size_t inflatedSize, CursorWi
 window->mName = name;
 window->mSize = std::min(kInlineSize, inflatedSize);
 window->mInflatedSize = inflatedSize;
- window->mData = malloc(window->mSize);
+ window->mData = calloc(window->mSize, 1);
 if (!window->mData) goto fail;
 window->mReadOnly = false;
-- cgit v1.2.3-59-g8ed1b
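Review bot: The new `calloc` line has no comment saying why the buffer must be zeroed, so a later cleanup could turn it back into `malloc` and reintroduce the disclosure of stale heap bytes to the receiving process; I would add `// Zero-fill: bytes the caller never writes are still sent to the remote end.` directly above it. The hunk only covers the inline buffer sized by `mSize = std::min(kInlineSize, inflatedSize)`. Whatever buffer the window moves to when it grows towards `mInflatedSize` is not visible here, so it is worth confirming that allocation is zero-filled as well. `calloc(1, window->mSize)` is the more conventional argument order, though the two forms are equivalent. `CursorWindow::create` starts and ends outside the hunk.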