77 lines
3.3 KiB
Diff
77 lines
3.3 KiB
Diff
|
Function copyStringBuf() uses sizeof(*fb->indexPtr) as size of elements
|
||
|
|
in fb->indexPtr, while addClStringN() usess 'sizeof(long)' for the same
|
||
|
|
elements. Both functions copy indexPtr, but each with different size.
|
||
|
|
|
||
|
|
Therefore, if addClStringN() is called after copyStringBuf(), it may copy more
|
||
|
|
bytes than copyStringBuf() created -> SIGSEGV (or 'Invalid read of size XYZ'
|
||
|
|
in Valgrind logs).
|
||
|
|
|
||
|
|
'sizeof(*buf->indexPtr)' should be consistently used in ClStrBuf.indexPtr
|
||
|
|
and ClArrayBuf.indexPtr.
|
||
|
|
|
||
|
|
diff -up sblim-sfcb-1.3.16/objectImpl.c.invalid-read sblim-sfcb-1.3.16/objectImpl.c
|
||
|
|
--- sblim-sfcb-1.3.16/objectImpl.c.invalid-read 2013-04-19 14:03:04.920602183 +0200
|
||
|
|
+++ sblim-sfcb-1.3.16/objectImpl.c 2013-04-19 14:04:10.229391267 +0200
|
||
|
|
@@ -208,7 +208,7 @@ addClStringN(ClObjectHdr * hdr, const ch
|
||
|
|
buf->bMax = nmax;
|
||
|
|
buf->bUsed = buf->iUsed = 0;
|
||
|
|
buf->iMax = 16;
|
||
|
|
- setStrIndexPtr(buf, malloc(sizeof(long) * 16));
|
||
|
|
+ setStrIndexPtr(buf, malloc(sizeof(*buf->indexPtr) * 16));
|
||
|
|
hdr->flags |= HDR_Rebuild;
|
||
|
|
}
|
||
|
|
|
||
|
|
@@ -222,17 +222,17 @@ addClStringN(ClObjectHdr * hdr, const ch
|
||
|
|
if (!isMallocedStrIndex(buf)) {
|
||
|
|
void *idx = buf->indexPtr;
|
||
|
|
buf->iMax = nmax * 2;
|
||
|
|
- setStrIndexPtr(buf, malloc(buf->iMax * sizeof(long)));
|
||
|
|
- memcpy(buf->indexPtr, idx, nmax * sizeof(long));
|
||
|
|
+ setStrIndexPtr(buf, malloc(buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
+ memcpy(buf->indexPtr, idx, nmax * sizeof(*buf->indexPtr));
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
buf->iMax = nmax * 2;
|
||
|
|
- setStrIndexPtr(buf, realloc(buf->indexPtr, buf->iMax * sizeof(long)));
|
||
|
|
+ setStrIndexPtr(buf, realloc(buf->indexPtr, buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
}
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
buf->iMax = 16;
|
||
|
|
- setStrIndexPtr(buf, malloc(buf->iMax * sizeof(long)));
|
||
|
|
+ setStrIndexPtr(buf, malloc(buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
}
|
||
|
|
hdr->flags |= HDR_Rebuild;
|
||
|
|
}
|
||
|
|
@@ -289,7 +289,7 @@ static long addClArray(ClObjectHdr * hdr
|
||
|
|
buf->bMax = nmax;
|
||
|
|
buf->bUsed = buf->iUsed = 0;
|
||
|
|
buf->iMax = 16;
|
||
|
|
- setArrayIndexPtr(buf, malloc(sizeof(long) * 16));
|
||
|
|
+ setArrayIndexPtr(buf, malloc(sizeof(*buf->indexPtr) * 16));
|
||
|
|
hdr->flags |= HDR_Rebuild;
|
||
|
|
}
|
||
|
|
|
||
|
|
@@ -303,17 +303,17 @@ static long addClArray(ClObjectHdr * hdr
|
||
|
|
if (!isMallocedArrayIndex(buf)) {
|
||
|
|
void *idx = buf->indexPtr;
|
||
|
|
buf->iMax = nmax * 2;
|
||
|
|
- setArrayIndexPtr(buf, malloc(buf->iMax * sizeof(long)));
|
||
|
|
- memcpy(buf->indexPtr, idx, nmax * sizeof(long));
|
||
|
|
+ setArrayIndexPtr(buf, malloc(buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
+ memcpy(buf->indexPtr, idx, nmax * sizeof(*buf->indexPtr));
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
buf->iMax = nmax * 2;
|
||
|
|
- setArrayIndexPtr(buf, realloc(buf->indexPtr, buf->iMax * sizeof(long)));
|
||
|
|
+ setArrayIndexPtr(buf, realloc(buf->indexPtr, buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
}
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
buf->iMax = 16;
|
||
|
|
- setArrayIndexPtr(buf, malloc(buf->iMax * sizeof(long)));
|
||
|
|
+ setArrayIndexPtr(buf, malloc(buf->iMax * sizeof(*buf->indexPtr)));
|
||
|
|
}
|
||
|
|
hdr->flags |= HDR_Rebuild;
|
||
|
|
}
|