[seed] Append user data to the new arguments array, not the source one



commit 919efb474ed04853b9aff6622148a9be0ddc9a68
Author: Gustavo Noronha Silva <gustavo noronha collabora com>
Date:   Thu Mar 14 17:27:08 2013 -0300

    Append user data to the new arguments array, not the source one
    
    This code was previously adding a new item to the passed in array
    instead of appending it to the newly created array, causing a buffer
    overflow that sometimes ends in stack corruption and a crash.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=695876

 libseed/seed-closure.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/libseed/seed-closure.c b/libseed/seed-closure.c
index 9659ded..d0503e5 100644
--- a/libseed/seed-closure.c
+++ b/libseed/seed-closure.c
@@ -375,7 +375,7 @@ seed_closure_invoke (GClosure * closure, JSValueRef * args, guint argc,
   seed_prepare_global_context (ctx);
   for (i = 0; i < argc; i++)
     real_args[i] = args[i];
-  args[argc] =
+  real_args[argc] =
     ((SeedClosure *) closure)->user_data ? ((SeedClosure *) closure)->
     user_data : JSValueMakeNull (ctx);
 
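Review bot: The store to `real_args[argc]` is in bounds only if `real_args` was allocated with `argc + 1` slots, and that allocation sits above this hunk, so it cannot be checked from here; the same applies to the identical line in seed_closure_invoke_with_context. Since the bug being fixed was an out-of-bounds write at exactly this index, I would add a comment at the store such as `/* real_args has argc + 1 slots; the last one carries user_data */`. If the buffer is stack-allocated from `argc`, as the stack corruption in the description suggests, it is also worth confirming that callers bound `argc`. The body of seed_closure_invoke starts and ends outside the hunk.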
@@ -398,7 +398,7 @@ seed_closure_invoke_with_context (JSContextRef ctx, GClosure * closure,
 
   for (i = 0; i < argc; i++)
     real_args[i] = args[i];
-  args[argc] =
+  real_args[argc] =
     ((SeedClosure *) closure)->user_data ? ((SeedClosure *) closure)->
     user_data : JSValueMakeNull (ctx);
 
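Review bot: The copy loop and the user_data append here duplicate the ones in seed_closure_invoke line for line, which is why the same overflow had to be fixed in two places. A small static helper taking `closure`, `args`, `argc`, `real_args` and `ctx` would keep the two call sites in step. Inside it, a local such as `SeedClosure *seed_closure = (SeedClosure *) closure;` would replace the repeated cast that is currently broken across lines at `->`. The function body continues outside the hunk.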

