From 298a537d5f6783e55d87e40011ee3fd3b22b72f9 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Thu, 17 Aug 2023 01:39:01 +0000
Subject: [PATCH] gvariant: Zero-initialise various GVariantSerialised objects
The following few commits will add a couple of new fields to `GVariantSerialised`, and they should be zero-filled by default. Try and pre-empt that a bit by zero-filling `GVariantSerialised` by default in a few places.
Signed-off-by: Philip Withnall
Helps: #2121
CVE: CVE-2023-32665
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/glib/-/commit/298a537d5f6783e55d87e40011ee3fd3b22b72f9]
Signed-off-by: Siddharth Doshi
---
 glib/gvariant.c | 2 +-
 glib/tests/gvariant.c | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/glib/gvariant.c b/glib/gvariant.c
index f910bd4..8ba701e 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -5936,7 +5936,7 @@ g_variant_byteswap (GVariant *value)
 if (alignment)
 /* (potentially) contains multi-byte numeric data */
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 GVariant *trusted;
 GBytes *bytes;
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index 640f3c0..d640c81 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -1446,7 +1446,7 @@ test_maybe (void)
 for (flavour = 0; flavour < 8; flavour += alignment)
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 GVariantSerialised child;
 serialised.type_info = type_info;
@@ -1572,7 +1572,7 @@ test_array (void)
 for (flavour = 0; flavour < 8; flavour += alignment)
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 serialised.type_info = array_info;
 serialised.data = flavoured_malloc (needed_size, flavour);
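Review bot: The `= { 0, }` added to `serialised` in g_variant_byteswap is load-bearing but carries no comment: per the commit message, fields added to `GVariantSerialised` by the following commits must start at zero, and without the initialiser they would hold indeterminate stack contents. I would put `/* Zero-fill so fields added to GVariantSerialised later default to 0 */` above the declaration so the initialiser is not removed as redundant in a later clean-up. The message says only "a few places" are covered, so any other `GVariantSerialised` declarations outside this diff presumably need the same audit before the new fields are relied on. As a backport tagged CVE-2023-32665, this patch is preparatory by its own description, so it should not be counted as the fix unless the rest of the series is applied too. The function body starts and ends outside the hunk.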
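Review bot: In test_maybe the adjacent `GVariantSerialised child;` stays uninitialised while `serialised` on the line above is now zero-filled, and the same pairing appears in the test_variant hunk. If `child` is always assigned as a whole struct before it is read (not visible in these hunks) this is harmless, but for consistency with the stated goal I would write `GVariantSerialised child = { 0, };` in both places. The loop bodies continue outside the hunks.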
@@ -1738,7 +1738,7 @@ test_tuple (void)
 for (flavour = 0; flavour < 8; flavour += alignment)
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 serialised.type_info = type_info;
 serialised.data = flavoured_malloc (needed_size, flavour);
@@ -1835,7 +1835,7 @@ test_variant (void)
 for (flavour = 0; flavour < 8; flavour += alignment)
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 GVariantSerialised child;
 serialised.type_info = type_info;
@@ -2284,7 +2284,7 @@ serialise_tree (TreeInstance *tree,
 static void
 test_byteswap (void)
 {
- GVariantSerialised one, two;
+ GVariantSerialised one = { 0, }, two = { 0, };
 TreeInstance *tree;
 tree = tree_instance_new (NULL, 3);
@@ -2358,7 +2358,7 @@ test_serialiser_children (void)
 static void
 test_fuzz (gdouble *fuzziness)
 {
- GVariantSerialised serialised;
+ GVariantSerialised serialised = { 0, };
 TreeInstance *tree;
 /* make an instance */
--
2.24.4