vapier      14/03/20 07:52:07

  Modified:             xfuncs.c
  Log:
  fix possible memory read errors when walking arrays
  
  the current code will always fetch the arr->eles[n] in array_for_each before 
doing the n < arr->num check.  gcc might optimize it such that the read occurs 
rather than delaying it until after the loop limit check, but it also might 
not.  at any rate, ASAN catches it and complains mightily.  this new method ends 
up wasting 1 pointer worth of memory, but we won't worry about 4 or 8 bytes per 
array as this code is not that critical.

Revision  Changes    Path
1.12                 pax-utils/xfuncs.c

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/xfuncs.c?rev=1.12&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/xfuncs.c?rev=1.12&content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/xfuncs.c?r1=1.11&r2=1.12

Index: xfuncs.c
===================================================================
RCS file: /var/cvsroot/gentoo-projects/pax-utils/xfuncs.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- xfuncs.c    4 Nov 2012 07:26:24 -0000       1.11
+++ xfuncs.c    20 Mar 2014 07:52:07 -0000      1.12
@@ -1,7 +1,7 @@
 /*
  * Copyright 2003-2012 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/xfuncs.c,v 1.11 2012/11/04 
07:26:24 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/xfuncs.c,v 1.12 2014/03/20 
07:52:07 vapier Exp $
  *
  * Copyright 2003-2012 Ned Ludd        - <so...@gentoo.org>
  * Copyright 2004-2012 Mike Frysinger  - <vap...@gentoo.org>
@@ -75,7 +75,11 @@
 void xarraypush(array_t *arr, const void *ele, size_t ele_len)
 {
        size_t n = arr->num++;
-       arr->eles = xrealloc_array(arr->eles, arr->num, sizeof(ele));
+       /* We allocate one excess element so that array_for_each can
+        * always safely fetch the next element.  It's minor memory
+        * wastage to avoid having to do a len check all the time.
+        */
+       arr->eles = xrealloc_array(arr->eles, arr->num + 1, sizeof(ele));
        arr->eles[n] = xmemdup(ele, ele_len);
 }
 
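Review bot: The extra slot that `arr->num + 1` reserves in xarraypush() is never written, so the fetch of `arr->eles[n]` at n == arr->num that the log describes now stays inside the allocation but reads an indeterminate pointer. Tools that track uninitialized reads can still flag that, and any later change to the loop that uses the value before the bounds check would act on garbage. Consider adding `arr->eles[arr->num] = NULL;` after the xmemdup() line so the sentinel slot has a defined value. Two smaller points: an array that has never been pushed to gets no allocation from this function, so if `eles` starts out NULL the early fetch in array_for_each is not covered by this change; and `sizeof(ele)` is the size of the `const void *` parameter, which happens to match the element size here, but `sizeof(*arr->eles)` would state the intent directly.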