...
In this example, the padding bytes after char b are left uninitialized and are leaked.
```c
#include <stddef.h>

struct test {
  int a;
  char b;
  int c;
};

/* ... safely copy data to user space ... */
extern int copy_to_user(void *dest, void *src, size_t size);

void do_stuff(void *usr_buf) {
  struct test arg = {.a = 1, .b = 2, .c = 3};
  /* ... perform operations on arg ... */

  /* copy arg to user space */
  copy_to_user(usr_buf, &arg, sizeof(arg));
  /* ... */
}
```
The padding bytes could be explicitly initialized using memset to zero as shown below.
...
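The following is an added example, not code from the original page. Instead of calling memset on the structure itself, it zeroes a byte staging buffer with memset and copies each member to its own offset, so the bytes between `b` and `c` are known to be zero when the buffer is copied out. All function names are hypothetical, and `fake_copy_to_user` is a user-space stand-in for `copy_to_user`.

```c
#include <stddef.h>
#include <string.h>

struct test { int a; char b; int c; };

/* Hypothetical user-space stand-in for copy_to_user (assumption). */
static int fake_copy_to_user(void *dest, const void *src, size_t size) {
    memcpy(dest, src, size);
    return 0;
}

/* Number of padding bytes the compiler inserted between b and c. */
size_t padding_after_b(void) {
    return offsetof(struct test, c) - (offsetof(struct test, b) + sizeof(char));
}

/* Build the outgoing image in a zeroed byte array, then place each member
 * at its own offset. Every byte not covered by a member stays 0. */
int send_test(void *usr_buf, const struct test *arg) {
    unsigned char out[sizeof(struct test)];
    memset(out, 0, sizeof(out));
    memcpy(out + offsetof(struct test, a), &arg->a, sizeof(arg->a));
    memcpy(out + offsetof(struct test, b), &arg->b, sizeof(arg->b));
    memcpy(out + offsetof(struct test, c), &arg->c, sizeof(arg->c));
    return fake_copy_to_user(usr_buf, out, sizeof(out));
}

/* Returns 1 if every non-member byte of a struct test image is zero. */
int padding_is_zero(const unsigned char *img) {
    unsigned char used[sizeof(struct test)] = {0};
    memset(used + offsetof(struct test, a), 1, sizeof(int));
    memset(used + offsetof(struct test, b), 1, sizeof(char));
    memset(used + offsetof(struct test, c), 1, sizeof(int));
    for (size_t i = 0; i < sizeof(struct test); i++)
        if (!used[i] && img[i] != 0) return 0;
    return 1;
}

/* Constructed demo: destination prefilled with 0xAA so a leaked or
 * unwritten byte would be visible in the check. */
int demo(void) {
    unsigned char user[sizeof(struct test)];
    struct test arg = {.a = 1, .b = 2, .c = 3};
    memset(user, 0xAA, sizeof(user));
    send_test(user, &arg);
    return padding_is_zero(user);
}

int main(void) { return demo() ? 0 : 1; }
```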