Open
Description
In src/libFLAC/md5.c, line 266, you can find:
```c
memset(ctx, 0, sizeof(ctx));	/* In case it's sensitive */
if(0 != ctx->internal_buf) {
	free(ctx->internal_buf);
	ctx->internal_buf = 0;
	ctx->capacity = 0;
}
```
That memset does not clear the entire structure. It only clears 4 or 8 bytes, depending on the size of the ctx pointer. It should use sizeof(*ctx), not sizeof(ctx). This is an old bug from the original md5.c.
Note that the code that follows relies on the bug. If the memset bug is fixed then there could be a memory leak of the internal_buf. I suggest that the memset should be fixed and moved after the internal_buf code.
This should work:
```c
if(0 != ctx->internal_buf) {
	free(ctx->internal_buf);
	ctx->internal_buf = 0;
	ctx->capacity = 0;
}
memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
```
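The three cleanup orders discussed in this issue, as an added example that is not FLAC's code and not part of the original report: it measures how many context bytes stay non-zero and whether the buffer is released in each order. The struct layout and all `demo_*` names are assumptions; only `internal_buf` and `capacity` come from the issue.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in context: internal_buf and capacity are the names from the issue,
 * the remaining fields and all demo_* names are assumptions. */
typedef struct {
    uint32_t state[4];
    uint32_t in[16];
    unsigned char *internal_buf;
    size_t capacity;
} demo_ctx;

enum demo_variant { DEMO_ORIGINAL, DEMO_MEMSET_FIXED_IN_PLACE, DEMO_SUGGESTED };

/* Cleanup in the three orders discussed; returns 1 if internal_buf was freed. */
static int demo_cleanup(demo_ctx *ctx, enum demo_variant v)
{
    int freed = 0;
    if (v == DEMO_ORIGINAL)
        memset(ctx, 0, sizeof(demo_ctx *)); /* same size as sizeof(ctx) */
    else if (v == DEMO_MEMSET_FIXED_IN_PLACE)
        memset(ctx, 0, sizeof(*ctx));       /* also zeroes internal_buf */
    if (0 != ctx->internal_buf) {
        free(ctx->internal_buf);
        ctx->internal_buf = 0;
        ctx->capacity = 0;
        freed = 1;
    }
    if (v == DEMO_SUGGESTED)
        memset(ctx, 0, sizeof(*ctx));
    return freed;
}

/* Fill a context with constructed data, clean it up, and report how many
 * bytes stay non-zero (*residue) and whether the buffer was released. */
static int demo_run(enum demo_variant v, size_t *residue)
{
    demo_ctx ctx;
    unsigned char *buf = malloc(64);
    const unsigned char *p = (const unsigned char *)&ctx;
    size_t i;
    int freed;

    memset(&ctx, 0xA5, sizeof(ctx));        /* constructed "sensitive" state */
    ctx.internal_buf = buf;
    ctx.capacity = 64;
    freed = demo_cleanup(&ctx, v);
    if (!freed)
        free(buf);                          /* demo bookkeeping: undo the leak */
    for (*residue = 0, i = 0; i < sizeof(ctx); i++)
        *residue += (p[i] != 0);
    return freed;
}
```

Only `DEMO_SUGGESTED` both releases the buffer and leaves no residue, which matches the ordering proposed in the report.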