From 57446b67ba5f6f7cf46a6ca6109cfb94352b4a1a Mon Sep 17 00:00:00 2001
From: Louis Solofrizzo <lsolofrizzo@scaleway.com>
Date: Mon, 26 Feb 2024 12:07:22 +0100
Subject: [PATCH] lib: initialize output pointers to NULL before calling
 strto[ff,l,ul]

In order to make MSAN happy:

    ==2200945==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x596f3b3ed246 in curlx_strtoofft [...]/libcurl/src/lib/strtoofft.c:239:11
    #1 0x596f3b402156 in Curl_httpchunk_read [...]/libcurl/src/lib/http_chunks.c:149:12
    #2 0x596f3b348550 in readwrite_data [...]/libcurl/src/lib/transfer.c:607:11
    [...]

    ==2202041==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5a3fab66a72a in Curl_parse_port [...]/libcurl/src/lib/urlapi.c:547:8
    #1 0x5a3fab650645 in parse_authority [...]/libcurl/src/lib/urlapi.c:796:12
    #2 0x5a3fab6740f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
    #3 0x5a3fab664fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
    [...]

    ==2202320==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x569076a0d6b0 in ipv4_normalize [...]/libcurl/src/lib/urlapi.c:683:12
    #1 0x5690769f2820 in parse_authority [...]/libcurl/src/lib/urlapi.c:803:10
    #2 0x569076a160f6 in parseurl [...]/libcurl/src/lib/urlapi.c:1176:16
    #3 0x569076a06fc5 in parseurl_and_replace [...]/libcurl/src/lib/urlapi.c:1342:12
    [...]

Signed-off-by: Louis Solofrizzo <lsolofrizzo@scaleway.com>
Closes #12995
---
 lib/strtoofft.c | 2 +-
 lib/urlapi.c    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/strtoofft.c b/lib/strtoofft.c
index 4a1d6438931787..580fd23bf1ea33 100644
--- a/lib/strtoofft.c
+++ b/lib/strtoofft.c
@@ -212,7 +212,7 @@ static int get_char(char c, int base)
 CURLofft curlx_strtoofft(const char *str, char **endp, int base,
                          curl_off_t *num)
 {
-  char *end;
+  char *end = NULL;
   curl_off_t number;
   errno = 0;
   *num = 0; /* clear by default */
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 3cd0362c51d210..dc42489722bc2c 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -531,7 +531,7 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host,
     portptr = strchr(hostname, ':');
 
   if(portptr) {
-    char *rest;
+    char *rest = NULL;
     long port;
     size_t keep = portptr - hostname;
 
@@ -681,7 +681,7 @@ static int ipv4_normalize(struct dynbuf *host)
     return HOST_IPV6;
 
   while(!done) {
-    char *endp;
+    char *endp = NULL;
     unsigned long l;
     if(!ISDIGIT(*c))
       /* most importantly this doesn't allow a leading plus or minus */