From bbc213a7d73a696af223e321d6ba16d24e1e9f86 Mon Sep 17 00:00:00 2001
From: Charlie <13204117850@163.com>
Date: Thu, 5 Nov 2020 11:15:39 +0800
Subject: [PATCH] Update CDVAssetLibraryFilesystem.m

Usage of malloc will lead to heap overflow attack due to insecure coding, Should be usage calloc!
---
 src/ios/CDVAssetLibraryFilesystem.m | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ios/CDVAssetLibraryFilesystem.m b/src/ios/CDVAssetLibraryFilesystem.m
index 8486b7be1..35700dc9f 100644
--- a/src/ios/CDVAssetLibraryFilesystem.m
+++ b/src/ios/CDVAssetLibraryFilesystem.m
@@ -195,7 +195,7 @@ - (void)readFileAtURL:(CDVFilesystemURL *)localURL start:(NSInteger)start end:(N
             // We have the asset!  Get the data and send it off.
             ALAssetRepresentation* assetRepresentation = [asset defaultRepresentation];
             NSUInteger size = (end > start) ? (end - start) : [assetRepresentation size];
-            Byte* buffer = (Byte*)malloc(size);
+            Byte* buffer = (Byte*)calloc(1, size);
             NSUInteger bufferSize = [assetRepresentation getBytes:buffer fromOffset:start length:size error:nil];
             NSData* data = [NSData dataWithBytesNoCopy:buffer length:bufferSize freeWhenDone:YES];
             NSString* MIMEType = (__bridge_transfer NSString*)UTTypeCopyPreferredTagWithClass((__bridge CFStringRef)[assetRepresentation UTI], kUTTagClassMIMEType);