| 1 |
commit: 335e3c30ebd98959a53c22b12b17f907d7def48c |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Nov 26 08:41:47 2015 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Nov 26 08:41:47 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=335e3c30 |
| 7 |
|
| 8 |
xarray: move ele update to after bounds check |
| 9 |
|
| 10 |
Even though we don't use the loaded ele value until after we check |
| 11 |
the bounds of the counter, it makes ASAN unhappy, and might cause |
| 12 |
a load of invalid memory. |
| 13 |
|
| 14 |
URL: https://bugs.gentoo.org/553368 |
| 15 |
Reported-by: Hanno Boeck <hanno <AT> gentoo.org> |
| 16 |
|
| 17 |
xfuncs.h | 8 ++++++-- |
| 18 |
1 file changed, 6 insertions(+), 2 deletions(-) |
| 19 |
|
| 20 |
diff --git a/xfuncs.h b/xfuncs.h |
| 21 |
index 82f5da0..61577ec 100644 |
| 22 |
--- a/xfuncs.h |
| 23 |
+++ b/xfuncs.h |
| 24 |
@@ -27,10 +27,14 @@ void xarraypush(array_t *array, const void *ele, size_t ele_len); |
| 25 |
#define xarraypush_str(arr, ele) xarraypush(arr, ele, strlen(ele) + 1 /*NUL*/) |
| 26 |
void xarrayfree(array_t *array); |
| 27 |
#define xrealloc_array(ptr, size, ele_size) xrealloc(ptr, (size) * (ele_size)) |
| 28 |
+/* The assignment after the check is unfortunate as we do a non-NULL check (we |
| 29 |
+ * already do not permit pushing of NULL pointers), but we can't put it in the |
| 30 |
+ * increment phase as that will cause a load beyond the bounds of valid memory. |
| 31 |
+ */ |
| 32 |
#define array_for_each(arr, n, ele) \ |
| 33 |
for (n = 0, ele = array_cnt(arr) ? arr->eles[n] : NULL; \ |
| 34 |
- n < array_cnt(arr); \ |
| 35 |
- ele = arr->eles[++n]) |
| 36 |
+ n < array_cnt(arr) && (ele = arr->eles[n]); \ |
| 37 |
+ ++n) |
| 38 |
#define array_init_decl { .eles = NULL, .num = 0, } |
| 39 |
#define array_cnt(arr) (arr)->num |
| 40 |
char *array_flatten_str(array_t *array); |
Archives