From ad78a8e73b5265bbbd1695fa573482bae2911fe7 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Sat, 6 Oct 2018 22:34:11 +0000
Subject: [PATCH] zero-initialize the msg-scan (subscan) allocated array, so if
 an uninitialized is ever written to disk, it'll be zeroes not garbage. Also,
 NULL the subscan pointer after freeing (and don't free if it's NULL).

---
 src/sbbs3/websrvr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 09595d2819..254e3ebe74 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -6331,7 +6331,7 @@ void http_session_thread(void* arg)
 	session.last_js_user_num=-1;
 	session.logon_time=0;
 
-	session.subscan=(subscan_t*)malloc(sizeof(subscan_t)*scfg.total_subs);
+	session.subscan=(subscan_t*)calloc(scfg.total_subs, sizeof(subscan_t));
 
 	while(!session.finished) {
 		init_error=FALSE;
@@ -6443,7 +6443,7 @@ void http_session_thread(void* arg)
 	sem_wait(&session.output_thread_terminated);
 	sem_destroy(&session.output_thread_terminated);
 	RingBufDispose(&session.outbuf);
-	free(session.subscan);
+	FREE_AND_NULL(session.subscan);
 
 	clients_remain=protected_uint32_adjust(&active_clients, -1);
 	update_clients();
-- 
GitLab