host_cmd: zero-initialize response buffer (#215)

rkr35 · web-flow · commit f4fc0d807b14 · 2026-02-24T17:37:56.000-08:00
Unit tests that don't appropriately mock host command responses in
`libhoth_receive_response` will cause `resp.hdr` and `resp.payload_buf` to be
uninitialized.

Using `resp` in

```c
  status = validate_ec_response_header(&amp;resp.hdr, resp.payload_buf, resp_size);
```

will access uninitialized memory.
diff --git a/protocol/host_cmd.c b/protocol/host_cmd.c
@@ -186,8 +186,8 @@ int libhoth_hostcmd_exec(struct libhoth_device* dev, uint16_t command,
     struct hoth_host_response hdr;
     uint8_t
         payload_buf[LIBHOTH_MAILBOX_SIZE - sizeof(struct hoth_host_response)];
-  } resp;
-  size_t resp_size;
+  } resp = {};
+  size_t resp_size = 0;
   status = libhoth_receive_response(dev, &resp, sizeof(resp), &resp_size,
                                     HOTH_CMD_TIMEOUT_MS_DEFAULT);
   if (status != LIBHOTH_OK) {
