GNOME.org
 

[glib/th/g-ptr-array-extend-and-steal-crash] array: fix corrupt state of GPtrArray after g_ptr_array_extend_and_steal()

commit 8b542aac0c73a75a3fea4628b1514574f08386e7
Author: Thomas Haller <thaller redhat com>
Date:   Thu May 7 08:43:14 2020 +0200

    array: fix corrupt state of GPtrArray after g_ptr_array_extend_and_steal()
    
    g_ptr_array_extend_and_steal() leaves the GPtrArray in an invalid state,
    so if you would try to append another pointer, it leads to a crash.
    
    Also adjust the test case so that it would result in the crash (without
    the fix).
    
    Fixes: 0675703af08d ('Adding g_ptr_array_extend_and_steal() function to glib/garray.c')

 glib/garray.c           | 1 +
 glib/tests/array-test.c | 2 ++
 2 files changed, 3 insertions(+)
---
diff --git a/glib/garray.c b/glib/garray.c
index be482335a..613c6401c 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -1890,6 +1890,7 @@ g_ptr_array_extend_and_steal (GPtrArray  *array_to_extend,
    * to the elements moved from @array to @array_to_extend. */
   pdata = g_steal_pointer (&array->pdata);
   array->len = 0;
+  ((GRealPtrArray *) array)->alloc = 0;
   g_ptr_array_unref (array);
   g_free (pdata);
 }
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index bdd6a2cb9..1da514a3e 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -1298,6 +1298,8 @@ pointer_array_extend_and_steal (void)
   g_assert_cmpuint (ptr_array3->len, ==, 0);
   g_assert_null (ptr_array3->pdata);
 
+  g_ptr_array_add (ptr_array2, NULL);
+
   g_ptr_array_free (ptr_array, TRUE);
   g_ptr_array_free (ptr_array3, TRUE);
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]