Fix use-of-uninitialized-value in pjsip_auth_clt_init_req #4855

Merged
sauwming merged 2 commits into master from copilot/fix-use-of-uninitialized-value
Mar 13, 2026

Copilot AI commented Mar 13, 2026

Reported by OSS Fuzz:

MemorySanitizer reported a use-of-uninitialized-value in pjsip_auth_clt_init_req (sip_auth_client.c:1459) when reading sess->pref.initial_auth. The pref field (pjsip_auth_clt_pref) was never initialized in pjsip_auth_clt_init, so any call to pjsip_auth_clt_init_req without a prior pjsip_auth_clt_set_prefs reads garbage memory.

Description

Zero-initialize sess->pref in pjsip_auth_clt_init:

// pjsip/src/pjsip/sip_auth_client.c
sess->pool = pool;
sess->endpt = endpt;
sess->cred_cnt = 0;
sess->cred_info = NULL;
pj_list_init(&sess->cached_auth);
pj_bzero(&sess->pref, sizeof(sess->pref));  /* added */

This sets initial_auth to PJ_FALSE and algorithm to an empty pj_str_t — the correct defaults matching the documented behavior.

Motivation and Context

MSan trace from fuzzer (fuzz-sip.c):

==248==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 in pjsip_auth_clt_init_req sip_auth_client.c:1459
    #1 in do_test_auth_client fuzz-sip.c:280

pjsip_auth_clt_init initializes every other field in pjsip_auth_clt_sess explicitly but omitted pref.

How Has This Been Tested?

Built with no errors or warnings (make -j3).

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the CODING STYLE of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
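
The failure mode described in this PR, as an added example that is not part of the PR or of PJSIP: `toy_sess` and `toy_pref` are hypothetical, simplified stand-ins for `pjsip_auth_clt_sess` and `pjsip_auth_clt_pref`, and the 0xA5 fill is a constructed stand-in for whatever the caller's memory held. It shows a check a unit test can make without MSan: poison the struct, run init, and look for bytes init never wrote.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for pjsip_auth_clt_pref / pjsip_auth_clt_sess. */
typedef struct { int initial_auth; const char *algorithm; } toy_pref;
typedef struct { int cred_cnt; void *cred_info; toy_pref pref; } toy_sess;

#define POISON 0xA5  /* constructed fill byte: stands in for stale caller memory */

/* Init as described before the fix: every field set except pref. */
static void init_before(toy_sess *s) { s->cred_cnt = 0; s->cred_info = NULL; }

/* Init with the fix: pref is zeroed as well. */
static void init_after(toy_sess *s) {
    s->cred_cnt = 0;
    s->cred_info = NULL;
    memset(&s->pref, 0, sizeof(s->pref));
}

/* The flagged read, reduced to its effect: is the initial_auth branch taken? */
static int takes_initial_auth_branch(void (*init)(toy_sess *)) {
    toy_sess s;
    memset(&s, POISON, sizeof(s));   /* simulate memory nobody cleared */
    init(&s);
    return s.pref.initial_auth != 0;
}

/* Count the bytes of pref that init left untouched (still poison). */
static size_t stale_pref_bytes(void (*init)(toy_sess *)) {
    toy_sess s;
    const unsigned char *p = (const unsigned char *)&s.pref;
    size_t i, n = 0;
    memset(&s, POISON, sizeof(s));
    init(&s);
    for (i = 0; i < sizeof(s.pref); i++) n += (p[i] == POISON);
    return n;
}

int main(void) {
    printf("before: branch=%d stale=%zu\n",
           takes_initial_auth_branch(init_before), stale_pref_bytes(init_before));
    printf("after:  branch=%d stale=%zu\n",
           takes_initial_auth_branch(init_after), stale_pref_bytes(init_after));
    return 0;
}
```

The poison fill makes the outcome deterministic here; with real uninitialized memory the branch taken depends on whatever bytes happen to be present.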


…alize sess->pref in pjsip_auth_clt_init

Co-authored-by: sauwming <17044930+sauwming@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix use of uninitialized value in SIP authentication client" to "Fix use-of-uninitialized-value in pjsip_auth_clt_init_req" Mar 13, 2026
Copilot AI requested a review from sauwming March 13, 2026 08:25
sauwming marked this pull request as ready for review March 13, 2026 08:26
sauwming merged commit 5c997b5 into master Mar 13, 2026
48 of 50 checks passed
sauwming deleted the copilot/fix-use-of-uninitialized-value branch March 13, 2026 08:31