DO NOT MERGE: Initialize the ZipArchive to zero before parsing

The fields of the ZipArchive on the stack are not initialized before we
call libminzip to parse the zip file. As a result, some random memory
location is freed unintentionally when we close the ZipArchive upon
parsing failures.

Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079

diff --git a/install.cpp b/install.cpp
index d30890a..05209cd 100644
--- a/install.cpp
+++ b/install.cpp
@@ -481,7 +481,7 @@
}
// Try to open the package.
- ZipArchive zip;
+ ZipArchive zip = {};
int err = mzOpenZipArchive(map.addr, map.length, &zip);
if (err != 0) {
LOGE("Can't open %s\n(%s)\n", path, err != -1 ? strerror(err) : "bad");
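Review bot: The zero-initialization at `ZipArchive zip = {};` protects only this call site, so any other caller that declares a `ZipArchive` on the stack and passes it to `mzOpenZipArchive` keeps the same exposure described in the commit message (freeing an uninitialized pointer when the archive is closed after a parse failure). Consider clearing the struct at the top of `mzOpenZipArchive` itself, if it does not already do so, so that the close path is safe no matter how the caller declared the variable, and audit the remaining callers in the same change. A one-line comment above the declaration saying that the close-on-failure path depends on the fields being zero would also keep a later cleanup from reverting it to `ZipArchive zip;`.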