From 1321c26fc63ec7e9bec50cc56e20eac86c4d0c15 Mon Sep 17 00:00:00 2001
From: Eric Salo
Date: Fri, 6 Sep 2024 17:03:46 -0700
Subject: [PATCH] upb: fix uninitialized upb_MessageValue buffer bugs

Fixes https://github.com/protocolbuffers/protobuf/issues/18045
This should also cover https://github.com/googleapis/proto-plus-python/issues/483 once we release it.
PiperOrigin-RevId: 671934556
---
 upb/json/decode.c | 6 ++++--
 upb/reflection/message.c | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/upb/json/decode.c b/upb/json/decode.c
index 8fe655ccfddf6..5659a017aac82 100644
--- a/upb/json/decode.c
+++ b/upb/json/decode.c
@@ -711,7 +711,8 @@ static upb_MessageValue jsondec_int(jsondec* d, const upb_FieldDef* f) {
 /* Parse UINT32 or UINT64 value. */
 static upb_MessageValue jsondec_uint(jsondec* d, const upb_FieldDef* f) {
- upb_MessageValue val = {0};
+ upb_MessageValue val;
+ memset(&val, 0, sizeof(val));
 switch (jsondec_peek(d)) {
 case JD_NUMBER: {
@@ -748,7 +749,8 @@ static upb_MessageValue jsondec_uint(jsondec* d, const upb_FieldDef* f) {
 /* Parse DOUBLE or FLOAT value. */
 static upb_MessageValue jsondec_double(jsondec* d, const upb_FieldDef* f) {
 upb_StringView str;
- upb_MessageValue val = {0};
+ upb_MessageValue val;
+ memset(&val, 0, sizeof(val));
 switch (jsondec_peek(d)) {
 case JD_NUMBER:
diff --git a/upb/reflection/message.c b/upb/reflection/message.c
index 285418295a2ea..f47a777bf46e7 100644
--- a/upb/reflection/message.c
+++ b/upb/reflection/message.c
@@ -138,7 +138,8 @@ bool upb_Message_Next(const upb_Message* msg, const upb_MessageDef* m,
 const upb_MiniTable* mt = upb_MessageDef_MiniTable(m);
 size_t i = *iter;
 size_t n = upb_MiniTable_FieldCount(mt);
- const upb_MessageValue zero = {0};
+ upb_MessageValue zero;
+ memset(&zero, 0, sizeof(zero));
 UPB_UNUSED(ext_pool);
 // Iterate over normal fields, returning the first one that is set.
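Review bot: The new `memset(&val, 0, sizeof(val));` in jsondec_uint has no comment saying why it replaced `= {0}`, so it reads as redundant and invites a later cleanup back to the brace initializer. If upb_MessageValue is a union (its definition is not in this patch), `= {0}` only guarantees the first member is zeroed, and the remaining bytes can hold stale stack data that is later copied or compared. I would add above the memset: `/* memset, not = {0}: every byte of the value must be defined. */`. The same comment applies to the identical change in jsondec_double and to `zero` in upb_Message_Next in upb/reflection/message.c. Both jsondec bodies continue outside their hunks.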
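Review bot: `zero` in upb_Message_Next loses its `const` qualifier with this change, so nothing now stops a later statement in the function from writing to it. The code that consumes `zero` is outside this hunk; if it is a bytewise comparison against a field value, the other operand needs the same full initialisation or the comparison still reads undefined bytes. It is also worth confirming that `<string.h>` is included in this file, since the include block is not shown here.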