From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 27 Nov 2025 09:23:43 +0000 (+0100)
Subject: vquic: do_sendmsg full init
X-Git-Tag: rc-8_18_0-1~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9e7a027ed866b791c12a3c701dc40304f4e00cb;p=thirdparty%2Fcurl.git

vquic: do_sendmsg full init

When passing a `msg_ctrl` to sendmsg() as part of GSO handling, zero the
complete array. This fixes any false positives by valgrind that complain
about uninitialised memory, even though the kernel only ever accesses
the first two bytes.

Reported-by: Aleksei Bavshin
Fixes #19714
Closes #19715
---

diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c
index 562a99e4fe..aa0011c577 100644
--- a/lib/vquic/vquic.c
+++ b/lib/vquic/vquic.c
@@ -145,6 +145,7 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf,
   if(pktlen > gsolen) {
     /* Only set this, when we need it. macOS, for example,
      * does not seem to like a msg_control of length 0. */
+    memset(msg_ctrl, 0, sizeof(msg_ctrl));
     msg.msg_control = msg_ctrl;
     assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(int)));
     msg.msg_controllen = CMSG_SPACE(sizeof(int));