fix: malloc -> calloc to fix CWE-789 vulnerability (#449)

amplitude · Jun 15, 2023 · 3793d58 · 3793d58
1 parent 1928898
commit 3793d58
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Sources/Amplitude/AMPDeviceInfo.m b/Sources/Amplitude/AMPDeviceInfo.m
@@ -224,7 +224,7 @@ + (NSString *)getPlatformString {
 #endif
     size_t size;
     sysctlbyname(sysctl_name, NULL, &size, NULL, 0);
-    char *machine = malloc(size);
+    char *machine = calloc(1, size);
     sysctlbyname(sysctl_name, machine, &size, NULL, 0);
     NSString *platform = [NSString stringWithUTF8String:machine];
     free(machine);
@@ -435,7 +435,7 @@ + (NSString *)getMacAddress {
             errorFlag = @"sysctl mgmtInfoBase failure";
         } else {
             // Alloc memory based on above call
-            if ((msgBuffer = malloc(length)) == NULL) {
+            if ((msgBuffer = calloc(1, length)) == NULL) {
                 errorFlag = @"buffer allocation failure";
             } else {
                 msgBufferAllocated = true;