Zero-initialize CursorWindow buffer
Zero-initialize mData in CursorWindow::create(). The caller might not
fully fill that buffer before sending it to the remote end. It is not
necessary to zero-initialize in CursorWindow::createFromParcel(),
since the buffer is immediately filled from the far end.
Flag: EXEMPT bug-fix
Bug: 309407957
Test: atest
* libandroidfw_tests
* FrameworksCoreTests:android.database
* CtsDatabaseTestCases
Change-Id: I755240b0e3ba185c01036a5e00c8785d2e1ac11a
diff --git a/libs/androidfw/CursorWindow.cpp b/libs/androidfw/CursorWindow.cpp
index a592749..6e11d43 100644
--- a/libs/androidfw/CursorWindow.cpp
+++ b/libs/androidfw/CursorWindow.cpp
@@ -55,7 +55,7 @@
window->mName = name;
window->mSize = std::min(kInlineSize, inflatedSize);
window->mInflatedSize = inflatedSize;
- window->mData = malloc(window->mSize);
+ window->mData = calloc(window->mSize, 1);
if (!window->mData) goto fail;
window->mReadOnly = false;