On Wed, May 07, 2025 at 09:05:48PM +0200, Martin Wilck wrote: > We use v->allocated with the semantics of "length" or "number of used > elements" of a vector. If realloc() fails while deleting an element, > we should keep the previously allocated v->slot array but still > decrement "allocated" in order to avoid accessing invalid vector > elements. > > The next successful realloc will bring v->allocated and the actual > size of the array in sync again. > > Signed-off-by: Martin Wilck <mwi...@suse.com>
Reviewed-by: Benjamin Marzinski <bmarz...@redhat.com> > --- > libmpathutil/vector.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) > > diff --git a/libmpathutil/vector.c b/libmpathutil/vector.c > index 7f763cb..f69d644 100644 > --- a/libmpathutil/vector.c > +++ b/libmpathutil/vector.c > @@ -113,7 +113,7 @@ vector_del_slot(vector v, int slot) > return; > > for (i = slot + 1; i < VECTOR_SIZE(v); i++) > - v->slot[i-1] = v->slot[i]; > + v->slot[i - 1] = v->slot[i]; > > v->allocated -= VECTOR_DEFAULT_SIZE; > > @@ -125,9 +125,15 @@ vector_del_slot(vector v, int slot) > void *new_slot; > > new_slot = realloc(v->slot, sizeof (void *) * v->allocated); > - if (!new_slot) > - v->allocated += VECTOR_DEFAULT_SIZE; > - else > + /* > + * If realloc() fails, v->allocated will be smaller than the > + * actual allocated size vector size. > + * This is intentional; we want VECTOR_SIZE() to return > + * the number of used elements. Otherwise, > vector_for_each_slot() > + * et al. wouldn't work as intended; there might be duplicate > + * or stale elements at the end of the vector. > + */ > + if (new_slot) > v->slot = new_slot; > } > } > -- > 2.49.0