[vlc-commits] vlc_arrays: make "pos" expansion-safe

Wed, 29 Aug 2018 03:08:01 -0700 

vlc | branch: master | Romain Vimont <ro...@videolabs.io> | Tue Aug 28 10:52:21 
2018 +0200| [65366bd416413b4a7d0b0a825703e266ffea9c65] | committer: 
Jean-Baptiste Kempf

vlc_arrays: make "pos" expansion-safe

In a call to ARRAY_INSERT(array, elem, index + 1), "-pos" was expanded
to "-index + 1" instead of "-(index + 1)", leading to surprising results
and crashes.

Signed-off-by: Jean-Baptiste Kempf <j...@videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=65366bd416413b4a7d0b0a825703e266ffea9c65
---

 include/vlc_arrays.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/vlc_arrays.h b/include/vlc_arrays.h
index 0d6c2dd371..4f52fb2acd 100644
--- a/include/vlc_arrays.h
+++ b/include/vlc_arrays.h
@@ -210,9 +210,9 @@ static inline void *realloc_or_free( void *p, size_t sz )
 #define ARRAY_INSERT(array,elem,pos)                                        \
   do {                                                                      \
     _ARRAY_GROW1(array);                                                    \
-    if( (array).i_size - pos ) {                                            \
-        memmove( (array).p_elems + pos + 1, (array).p_elems + pos,          \
-                 ((array).i_size-pos) * sizeof(*(array).p_elems) );         \
+    if( (array).i_size - (pos) ) {                                          \
+        memmove( (array).p_elems + (pos) + 1, (array).p_elems + (pos),      \
+                 ((array).i_size-(pos)) * sizeof(*(array).p_elems) );       \
     }                                                                       \
     (array).p_elems[pos] = elem;                                            \
     (array).i_size++;                                                       \
@@ -231,8 +231,8 @@ static inline void *realloc_or_free( void *p, size_t sz )
   do {                                                                      \
     if( (array).i_size - (pos) - 1 )                                        \
     {                                                                       \
-        memmove( (array).p_elems + pos, (array).p_elems + pos + 1,          \
-                 ( (array).i_size - pos - 1 ) *sizeof(*(array).p_elems) );  \
+        memmove( (array).p_elems + (pos), (array).p_elems + (pos) + 1,      \
+                 ( (array).i_size - (pos) - 1 ) *sizeof(*(array).p_elems) );\
     }                                                                       \
     (array).i_size--;                                                       \
     _ARRAY_SHRINK(array);                                                   \

_______________________________________________
vlc-commits mailing list
vlc-commits@videolan.org
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to