[vlc-devel] [PATCH] vlc_arrays: make "pos" expansion-safe
Romain Vimont
rom1v at videolabs.io
Tue Aug 28 10:52:21 CEST 2018
In a call to ARRAY_INSERT(array, elem, index + 1), "-pos" was expanded
to "-index + 1" instead of "-(index + 1)", leading to surprising results
and crashes.
---
include/vlc_arrays.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/vlc_arrays.h b/include/vlc_arrays.h
index bc2ae2ae6d..9bc6c354f1 100644
--- a/include/vlc_arrays.h
+++ b/include/vlc_arrays.h
@@ -210,9 +210,9 @@ static inline void *realloc_or_free( void *p, size_t sz )
#define ARRAY_INSERT(array,elem,pos) \
do { \
_ARRAY_GROW1(array); \
- if( (array).i_size - pos ) { \
- memmove( (array).p_elems + pos + 1, (array).p_elems + pos, \
- ((array).i_size-pos) * sizeof(*(array).p_elems) ); \
+ if( (array).i_size - (pos) ) { \
+ memmove( (array).p_elems + (pos) + 1, (array).p_elems + (pos), \
+ ((array).i_size-(pos)) * sizeof(*(array).p_elems) ); \
} \
(array).p_elems[pos] = elem; \
(array).i_size++; \
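Review bot: The added parentheses fix operator precedence, but `pos` in ARRAY_INSERT is still not range-checked and is still expanded several times. If `pos` is greater than `(array).i_size`, the `if` test is non-zero and `((array).i_size-(pos)) * sizeof(*(array).p_elems)` converts to a very large size_t, so the memmove reads and writes far outside the allocation. A debug guard such as `assert( (pos) >= 0 && (pos) <= (array).i_size );` right after `_ARRAY_GROW1(array);` would catch this at the call site, assuming <assert.h> is usable from this header. The removal macro in the second hunk has the same problem, with `(pos) < (array).i_size` as its bound. A comment such as `/* pos is evaluated more than once: pass an expression without side effects */` above each macro would document the remaining hazard; both macro bodies extend beyond the visible hunks.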
@@ -231,8 +231,8 @@ static inline void *realloc_or_free( void *p, size_t sz )
do { \
if( (array).i_size - (pos) - 1 ) \
{ \
- memmove( (array).p_elems + pos, (array).p_elems + pos + 1, \
- ( (array).i_size - pos - 1 ) *sizeof(*(array).p_elems) ); \
+ memmove( (array).p_elems + (pos), (array).p_elems + (pos) + 1, \
+ ( (array).i_size - (pos) - 1 ) *sizeof(*(array).p_elems) );\
} \
(array).i_size--; \
_ARRAY_SHRINK(array); \
--
2.18.0