While investigating another fuzzing issue failing with a use of uninitialized memory I noticed that the initialization of the holder array with std::memset() in the constructor seems to be wrong.
The constructor uses:
std::memset(holder, 0, sizeof(Placeholder));
whereas the declaration of holder is:
mutable unsigned char holder[SizeV+1]
So, this should be:
std::memset(holder, 0, SizeV+1);
or, maybe even better:
std::memset(holder, 0, sizeof(holder));
The std::memcmp() in isEmpty() correctly uses SizeV+1.
Furthermore, destruct() also uses sizeof(Placeholder) instead of SizeV+1 or sizeof(holder).
cc @aleks-f
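To make the size mismatch concrete, here is an added illustration (not POCO's code, and not part of the original report): a stripped-down model of the holder array with a polymorphic Placeholder nested inside it. The names SmallBuffer, initBuggy, initFixed, makeStale and the 0xAB stale-memory fill are assumptions introduced for the demonstration; the 32-byte size is likewise an arbitrary choice. The buggy variant zeroes only sizeof(Placeholder) bytes, as the reported constructor does, while the fixed variant zeroes sizeof(holder); the same memcmp that isEmpty() performs then gives different answers for the two. The same sizeof(holder) argument is what destruct() needs when it clears the buffer.

```cpp
#include <cstddef>
#include <cstring>

// Added illustration (not POCO's code): a minimal model of an Any-style
// small-object buffer. The array is one byte larger than SizeV, and
// isEmpty() relies on every one of those SizeV + 1 bytes being zero.
template <std::size_t SizeV>
struct SmallBuffer
{
    // Polymorphic base: sizeof(Placeholder) is only a vtable pointer wide,
    // much smaller than SizeV + 1 for any realistic SizeV.
    struct Placeholder
    {
        virtual ~Placeholder() = default;
    };

    mutable unsigned char holder[SizeV + 1];

    // Mirrors the reported constructor (and destruct()): only
    // sizeof(Placeholder) bytes are zeroed; the rest of holder keeps
    // whatever the memory held before.
    void initBuggy() const
    {
        std::memset(holder, 0, sizeof(Placeholder));
    }

    // Proposed fix: sizeof(holder) == SizeV + 1, so the whole array is zeroed.
    void initFixed() const
    {
        std::memset(holder, 0, sizeof(holder));
    }

    // Same comparison the report describes for isEmpty(): all SizeV + 1
    // bytes must be zero.
    bool isEmpty() const
    {
        unsigned char zero[SizeV + 1] = {0};
        return std::memcmp(holder, zero, SizeV + 1) == 0;
    }

    // Bytes the initialization left untouched: the region a fuzzer or
    // MemorySanitizer reports as uninitialized when isEmpty() reads it.
    std::size_t nonZeroBytes() const
    {
        std::size_t n = 0;
        for (std::size_t i = 0; i < sizeof(holder); ++i)
            if (holder[i] != 0) ++n;
        return n;
    }
};

// Constructed stand-in for stale stack or heap contents: fill the array
// with 0xAB before "constructing" it, so leftover bytes are observable
// without reading indeterminate memory.
template <std::size_t SizeV>
SmallBuffer<SizeV> makeStale()
{
    SmallBuffer<SizeV> b;
    std::memset(b.holder, 0xAB, sizeof(b.holder));
    return b;
}

// Constructor as reported: the stale bytes survive and isEmpty() is false.
bool buggyInitLooksEmpty()
{
    SmallBuffer<32> b = makeStale<32>();
    b.initBuggy();
    return b.isEmpty();
}

std::size_t buggyInitStaleBytes()
{
    SmallBuffer<32> b = makeStale<32>();
    b.initBuggy();
    return b.nonZeroBytes();
}

// Constructor with sizeof(holder): every byte is zero and isEmpty() is true.
bool fixedInitLooksEmpty()
{
    SmallBuffer<32> b = makeStale<32>();
    b.initFixed();
    return b.isEmpty();
}

std::size_t fixedInitStaleBytes()
{
    SmallBuffer<32> b = makeStale<32>();
    b.initFixed();
    return b.nonZeroBytes();
}
```

With the buggy initializer the number of untouched bytes is exactly sizeof(holder) - sizeof(Placeholder); with the fixed one it is zero. sizeof(holder) is preferable to writing SizeV+1 a second time because it cannot drift if the declaration of holder ever changes.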