File 1837-Write-padding-values-to-ensure-pcre2_serialize_encod.patch of Package erlang

From 73b558ca0893054b5893801c401045b4d0b6a389 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Mon, 27 Oct 2025 16:05:36 +0100
Subject: [PATCH 7/7] Write padding values to ensure pcre2_serialize_encode()
 outputs defined values (#826)

Fixes low-severity valgrind error reported in GHSA-q7rw-r7qq-2hx6.


Cherry-picked edc111a6831591f68b5355a08cc9df8be8f35304
from upstream https://github.com/PCRE2Project/pcre2
to get this fix into OTP 28.3 and silence valgrind.
---
 erts/emulator/pcre/pcre2_compile_class.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/erts/emulator/pcre/pcre2_compile_class.c b/erts/emulator/pcre/pcre2_compile_class.c
index 05c4a5a1e1..3d49c394a9 100644
--- a/erts/emulator/pcre/pcre2_compile_class.c
+++ b/erts/emulator/pcre/pcre2_compile_class.c
@@ -1803,17 +1803,14 @@ if ((xclass_props & XCLASS_REQUIRED) != 0)
       PUT(code, 0, (uint32_t)(char_lists_size >> 1));
       code += LINK_SIZE;
 
-#if defined PCRE2_DEBUG || defined SUPPORT_VALGRIND
+      /* If we added padding to align the list, initialize the bytes to
+      defined values, so the library is valgrind-clean. It could also
+      be a security concern for clients calling into PCRE2 via bindings
+      from a memory-safe language, if pcre2_serialize_encode() exposes
+      uninitialized memory that may contain sensitive information. */
+
       if ((char_lists_size & 0x2) != 0)
-        {
-        /* In debug the unused 16 bit value is set
-        to a fixed value and marked unused. */
-        ((uint16_t*)data)[-1] = 0x5555;
-#ifdef SUPPORT_VALGRIND
-        VALGRIND_MAKE_MEM_NOACCESS(data - 2, 2);
-#endif
-        }
-#endif
+        ((uint16_t*)data)[-1] = 0xdead;
 
       cb->char_lists_size =
         CLIST_ALIGN_TO(char_lists_size, sizeof(uint32_t));
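Review bot: The guard `if ((char_lists_size & 0x2) != 0)` fills exactly one 16-bit slot before `data`, which leaves no undefined padding only if `char_lists_size` is always a multiple of 2 at this point. The `>> 1` in the `PUT` above suggests that holds, but the hunk does not show it. The new comment gives this write a security purpose (no uninitialized bytes reachable through pcre2_serialize_encode()), so the invariant deserves a sentence there, for example `/* char_lists_size is a multiple of 2 here, so alignment to sizeof(uint32_t) adds at most one uint16_t of padding. */`. The fill value `0xdead` is an arbitrary marker, and the comment could say so to stop a later reader from taking it for a meaningful list entry. The enclosing block starts and ends outside the hunk.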
-- 
2.51.0
