fix: malloc -> calloc to fix CWE-789 vulnerability (#449)

falconandy · web-flow · commit 3793d58ec1b4 · 2023-06-15T10:27:53.000-07:00
diff --git a/Sources/Amplitude/AMPDeviceInfo.m b/Sources/Amplitude/AMPDeviceInfo.m
@@ -224,7 +224,7 @@ + (NSString *)getPlatformString {
 #endif
     size_t size;
     sysctlbyname(sysctl_name, NULL, &size, NULL, 0);
-    char *machine = malloc(size);
+    char *machine = calloc(1, size);
     sysctlbyname(sysctl_name, machine, &size, NULL, 0);
     NSString *platform = [NSString stringWithUTF8String:machine];
     free(machine);
@@ -435,7 +435,7 @@ + (NSString *)getMacAddress {
             errorFlag = @"sysctl mgmtInfoBase failure";
         } else {
             // Alloc memory based on above call
-            if ((msgBuffer = malloc(length)) == NULL) {
+            if ((msgBuffer = calloc(1, length)) == NULL) {
                 errorFlag = @"buffer allocation failure";
             } else {
                 msgBufferAllocated = true;
