From 0dfcba9825f1c9fb24987e9b255e8b43be4aae6d Mon Sep 17 00:00:00 2001
From: Tom Englund <tomenglund26@gmail.com>
Date: Wed, 7 May 2025 18:15:27 +0200
Subject: [PATCH] DMABuffer: reserve vector and avoid UB (#10317)

actually reserve the vector instead of initializing it with the
m_attrs.fd.size() adding 4 invalid fd entries, and later emplace_back
the valid ones.

sync_merge_data name is defined as char name[32], a fixed-size array, and
C++ technically doesn't allow assigning string literals directly to array
fields in aggregate initializers; it may compile but is technically
undefined behaviour or ill-formed. Zero-initialise it and use
std::ranges::copy_n instead.
---
 src/protocols/types/DMABuffer.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/protocols/types/DMABuffer.cpp b/src/protocols/types/DMABuffer.cpp
index 326c07367..0f6334e68 100644
--- a/src/protocols/types/DMABuffer.cpp
+++ b/src/protocols/types/DMABuffer.cpp
@@ -111,7 +111,9 @@ CFileDescriptor CDMABuffer::exportSyncFile() {
 #if !defined(__linux__)
     return {};
 #else
-    std::vector<CFileDescriptor> syncFds(m_attrs.fds.size());
+    std::vector<CFileDescriptor> syncFds;
+    syncFds.reserve(m_attrs.fds.size());
+
     for (const auto& fd : m_attrs.fds) {
         if (fd == -1)
             continue;
@@ -135,12 +137,15 @@ CFileDescriptor CDMABuffer::exportSyncFile() {
             continue;
         }
 
+        const std::string      name = "merged release fence";
         struct sync_merge_data data{
-            .name  = "merged release fence",
+            .name  = {}, // zero-initialize name[]
             .fd2   = fd.get(),
             .fence = -1,
         };
 
+        std::ranges::copy_n(name.c_str(), std::min(name.size() + 1, sizeof(data.name)), data.name);
+
         if (doIoctl(syncFd.get(), SYNC_IOC_MERGE, &data) == 0)
             syncFd = CFileDescriptor(data.fence);
         else
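Review bot: The length clamp in the `std::ranges::copy_n` call does not guarantee a NUL-terminated `data.name`. For any `name` of `sizeof(data.name)` characters or more, `std::min(name.size() + 1, sizeof(data.name))` copies into every byte and overwrites the zero-initialised last one. The current literal is 20 characters, so nothing is truncated today, but the clamp exists for exactly the case it gets wrong, and the buffer is passed to the kernel through `SYNC_IOC_MERGE`. Capping one byte lower keeps the terminator: `std::ranges::copy_n(name.data(), std::min(name.size(), sizeof(data.name) - 1), data.name);`. The hunk appears to sit inside a loop (the `continue` above), so `name` could also be a `static constexpr std::string_view` to avoid building a `std::string` per iteration; the enclosing function continues outside the hunk.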