From: Petr Sumbera Subject: Clear range of pointers before they are used/freed References: boo#1194037 CVE-2021-45261 Patch-mainline: Not yet, submitted to bug tracker at https://savannah.gnu.org/bugs/?61685 Fix the following segmentation fault: ==46183==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7fae9677ec86 bp 0xbebebebebebebebe sp 0x7ffc4350de80 T0) ==46183==The signal is caused by a READ memory access. ==46183==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used. #0 0x7fae9677ec86 in __asan::asan_free(void*, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.6+0x28c86) #1 0x7fae9680a674 in free (/lib64/libasan.so.6+0xb4674) #2 0x4166f3 in another_hunk /home/test/gnu-patch/src/pch.c:1187 #3 0x4086ad in main /home/test/gnu-patch/src/patch.c:408 #4 0x7fae9658ceaf in __libc_start_call_main (/lib64/libc.so.6+0x3feaf) #5 0x7fae9658cf5f in __libc_start_main_impl (/lib64/libc.so.6+0x3ff5f) #6 0x404b64 in _start (/home/test/gnu-patch/PROTO/bin/patch+0x404b64) --- src/pch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/src/pch.c +++ b/src/pch.c @@ -1348,7 +1348,8 @@ another_hunk (enum diff difftype, bool r /* 'Old' lines were omitted. Set up to fill them in from 'new' context lines. */ ptrn_missing = true; - p_end = p_ptrn_lines + 1; + while (p_end < p_ptrn_lines + 1) + p_line[p_end++] = NULL; ptrn_prefix_context = ptrn_suffix_context = -1; fillsrc = p_end + 1; filldst = 1;
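Review bot: the hunk at line 1348 changes the post-condition on p_end when p_end is already greater than p_ptrn_lines + 1. The removed `p_end = p_ptrn_lines + 1;` always pulled p_end back to that value, while the new `while (p_end < p_ptrn_lines + 1) p_line[p_end++] = NULL;` only ever advances it, so p_end, and with it `fillsrc = p_end + 1;` two lines below, can now be larger than it was before this change. If that case cannot occur on this path, state it in a comment above the loop (or add `assert (p_end <= p_ptrn_lines + 1);` before it); if it can, keep an explicit `p_end = p_ptrn_lines + 1;` after the loop so the old invariant still holds. A short comment saying why the slots are cleared would also help: the trace in the description shows free() called from another_hunk (pch.c:1187) on a pointer that was never written (the 0xbebebebebebebebe register value is ASan's fill pattern for fresh allocations), and the loop exists to make sure every p_line slot up to p_ptrn_lines holds NULL rather than whatever malloc left there before that code frees or uses them.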