[PATCH 1/2] posix: zero out memory correctly for shm objects

[Gedare Bloom]

---
 cpukit/posix/src/shmheap.c    | 27 +++++++++++++++++++++++----
 cpukit/posix/src/shmwkspace.c |  4 ++++
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/cpukit/posix/src/shmheap.c b/cpukit/posix/src/shmheap.c
index 4f6f105..5896445 100644
--- a/cpukit/posix/src/shmheap.c
+++ b/cpukit/posix/src/shmheap.c
@@ -23,13 +23,15 @@ int _POSIX_Shm_Object_create_from_heap(
   size_t size
 )
 {
-  shm->shm_object.handle = malloc( size );
+  shm->shm_object.handle = calloc( 1, size ); /* get zero'd memory */
   shm->shm_object.size = size;
   return 0;
 }
 
 int _POSIX_Shm_Object_delete_from_heap( POSIX_Shm_Control *shm )
 {
+  /* zero out memory before releasing it. */
+  memset( shm->shm_object.handle, 0, shm->shm_object.size );
   free( shm->shm_object.handle );
   shm->shm_object.handle = NULL;
   shm->shm_object.size = 0;
@@ -41,9 +43,26 @@ int _POSIX_Shm_Object_resize_from_heap(
   size_t size
 )
 {
-  shm->shm_object.handle = realloc( shm->shm_object.handle, size );
-  shm->shm_object.size = size;
-  return 0;
+  void *p;
+  int err = 0;
+
+  if ( size < shm->shm_object.size ) {
+    /* zero out if shrinking */
+    p = (void*)((uintptr_t)shm->shm_object.handle + (uintptr_t)size);
+    memset( p, 0, shm->shm_object.size - size );
+  }
+  p = realloc( shm->shm_object.handle, size );
+  if ( p != NULL ) {
+    shm->shm_object.handle = p;
+    if ( size > shm->shm_object.size ) {
+      /* initialize added memory */ 
+      memset( p, 0, size - shm->shm_object.size );
+    }
+    shm->shm_object.size = size;
+  } else {
+    err = EIO;
+  }
+  return err;
 }
 
 void *_POSIX_Shm_Object_mmap_from_heap(
diff --git a/cpukit/posix/src/shmwkspace.c b/cpukit/posix/src/shmwkspace.c
index f4f79a1..59573dd 100644
--- a/cpukit/posix/src/shmwkspace.c
+++ b/cpukit/posix/src/shmwkspace.c
@@ -24,12 +24,15 @@ int _POSIX_Shm_Object_create_from_workspace(
 )
 {
   shm->shm_object.handle = _Workspace_Allocate_or_fatal_error( size );
+  memset( shm->shm_object.handle, 0, size );
   shm->shm_object.size = size;
   return 0;
 }
 
 int _POSIX_Shm_Object_delete_from_workspace( POSIX_Shm_Control *shm )
 {
+  /* zero out memory before releasing it. */
+  memset( shm->shm_object.handle, 0, shm->shm_object.size );
   _Workspace_Free( shm->shm_object.handle );
   shm->shm_object.handle = NULL;
   shm->shm_object.size = 0;
@@ -48,6 +51,7 @@ int _POSIX_Shm_Object_resize_from_workspace(
   } else if ( shm->shm_object.handle == NULL && shm->shm_object.size == 0 ) { 
     err = _POSIX_Shm_Object_create_from_workspace( shm, size );
   } else {
+    /* Refuse to resize a workspace object. */
     err = EIO;
   }
   return err;
-- 
1.9.1