From 331534286f964be035c3dbefac01f25d5aaaccef Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 5 Jan 2021 13:00:13 +0100
Subject: [PATCH] options: Fix buffer over read in fio_keyword_replace

By making sure allocated memory is filled with zeroes

Signed-off-by: Philippe Antoine <contact@catenacyber.fr>
---
 options.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/options.c b/options.c
index 1e91b3e9..0aded2ea 100644
--- a/options.c
+++ b/options.c
@@ -5064,7 +5064,7 @@ static char *fio_keyword_replace(char *opt)
 		struct fio_keyword *kw = &fio_keywords[i];
 
 		while ((s = strstr(opt, kw->word)) != NULL) {
-			char *new = malloc(strlen(opt) + 1);
+			char *new = calloc(strlen(opt) + 1, 1);
 			char *o_org = opt;
 			int olen = s - opt;
 			int len;
@@ -5081,6 +5081,7 @@ static char *fio_keyword_replace(char *opt)
 			 * in too
 			 */
 			opt += strlen(kw->word) + olen;
+			/* keeps final zero thanks to calloc */
 			if (strlen(opt))
 				memcpy(new + olen + len, opt, opt - o_org - 1);
 
-- 
2.25.1