we use calloc

armsrc/hitag2crack.c

@@ -569,7 +569,7 @@ bool hitag2_keystream(uint8_t *response, uint8_t *nrarhex) {
     uint8_t *spaceptr = NULL;
 
     /*
-        keybits = malloc(2080);
+        keybits = calloc(2080, sizeof(uint8_t));
         if (!keybits) {
             UserMessage("cannot malloc keybits\r\n");
             return false;

client/src/cmdlfem4x05.c

@@ -2020,7 +2020,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
     PrintAndLogEx(SUCCESS, "-------+-------------+----------+-----+------------------------------------------------------------");
 
     smartbuf bits = { 0 };
-    bits.ptr = malloc(EM4X05_BITS_BUFSIZE);
+    bits.ptr = calloc(EM4X05_BITS_BUFSIZE, sizeof(uint8_t));
     bits.size = EM4X05_BITS_BUFSIZE;
     bits.idx = 0;
     size_t idx = 0;

client/src/crypto/libpcrypto.c

@@ -629,8 +629,10 @@ int blowfish_decrypt(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output,
     mbedtls_blowfish_init(&blow);
     if (mbedtls_blowfish_setkey(&blow, key, 64))
         return 1;
+
     if (mbedtls_blowfish_crypt_cbc(&blow, MBEDTLS_BLOWFISH_DECRYPT, length, iiv, input, output))
         return 2;
+
     mbedtls_blowfish_free(&blow);
 
     return 0;
@@ -647,7 +649,7 @@ int ansi_x963_sha256(uint8_t *sharedSecret, size_t sharedSecretLen, uint8_t *sha
     uint32_t counter = 0x00000001;
 
     for (int i = 0; i < (keyDataLen / 32); ++i) {
-        uint8_t *hashMaterial = malloc(4 + sharedSecretLen + sharedInfoLen);
+        uint8_t *hashMaterial = calloc(4 + sharedSecretLen + sharedInfoLen, sizeof(uint8_t));
         memcpy(hashMaterial, sharedSecret, sharedSecretLen);
         hashMaterial[sharedSecretLen] = (counter >> 24);
         hashMaterial[sharedSecretLen + 1] = (counter >> 16) & 0xFF;