mirror of
https://gitlab.freedesktop.org/pipewire/pipewire
synced 2024-10-01 13:44:40 +00:00
array: re-initialize the array in pw_array_clear()
Leaving the data nonzero is a use-after-free bug waiting to happen.
This commit is contained in:
parent
7123fadc37
commit
e36183d3cf
|
@ -98,6 +98,7 @@ static inline void pw_array_init(struct pw_array *arr, size_t extend)
|
|||
static inline void pw_array_clear(struct pw_array *arr)
|
||||
{
|
||||
free(arr->data);
|
||||
pw_array_init(arr, arr->extend);
|
||||
}
|
||||
|
||||
/** Reset the array */
|
||||
|
|
|
@ -108,10 +108,39 @@ PWTEST(array_test)
|
|||
return PWTEST_PASS;
|
||||
}
|
||||
|
||||
PWTEST(array_clear)
|
||||
{
|
||||
struct pw_array arr;
|
||||
uint32_t *ptr;
|
||||
uint32_t vals[] = { 0, 100, 0x8a, 0 };
|
||||
size_t i;
|
||||
|
||||
pw_array_init(&arr, 64);
|
||||
|
||||
for (i = 0; i < 4; i++) {
|
||||
ptr = (uint32_t*)pw_array_add(&arr, sizeof(uint32_t));
|
||||
*ptr = vals[i];
|
||||
}
|
||||
pwtest_int_eq(pw_array_get_len(&arr, uint32_t), 4U);
|
||||
pw_array_clear(&arr);
|
||||
pwtest_int_eq(pw_array_get_len(&arr, uint32_t), 0U);
|
||||
|
||||
for (i = 0; i < 4; i++) {
|
||||
ptr = (uint32_t*)pw_array_add(&arr, sizeof(uint32_t));
|
||||
*ptr = vals[i];
|
||||
}
|
||||
pwtest_int_eq(pw_array_get_len(&arr, uint32_t), 4U);
|
||||
pw_array_clear(&arr);
|
||||
pwtest_int_eq(pw_array_get_len(&arr, uint32_t), 0U);
|
||||
|
||||
return PWTEST_PASS;
|
||||
}
|
||||
|
||||
PWTEST_SUITE(pw_array)
|
||||
{
|
||||
pwtest_add(array_test_abi, PWTEST_NOARG);
|
||||
pwtest_add(array_test, PWTEST_NOARG);
|
||||
pwtest_add(array_clear, PWTEST_NOARG);
|
||||
|
||||
return PWTEST_PASS;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue