options: Fix buffer over read in fio_keyword_replace

By making sure allocated memory is filled with zeroes

Signed-off-by: Philippe Antoine <contact@catenacyber.fr>

diff --git a/options.c b/options.c
index 1e91b3e9e23a79eb780b35c22e9cd7681e82ab58..0aded2ea1630466bac09413fda50debe20e1699f 100644 (file)
--- a/options.c
+++ b/options.c
@@ -5064,7 +5064,7 @@ static char *fio_keyword_replace(char *opt)
                struct fio_keyword *kw = &fio_keywords[i];
 
                while ((s = strstr(opt, kw->word)) != NULL) {
-                       char *new = malloc(strlen(opt) + 1);
+                       char *new = calloc(strlen(opt) + 1, 1);
                        char *o_org = opt;
                        int olen = s - opt;
                        int len;
@@ -5081,6 +5081,7 @@ static char *fio_keyword_replace(char *opt)
                         * in too
                         */
                        opt += strlen(kw->word) + olen;
+                       /* keeps final zero thanks to calloc */
                        if (strlen(opt))
                                memcpy(new + olen + len, opt, opt - o_org - 1);