forked from pool/wayland
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
|
|
||
|
m e8ad23266f36521215dcd7cfcc524e0ef67d66dd Mon Sep 17 00:00:00 2001
|
||
|
From: Yong Bakos <ybakos@humanoriented.com>
|
||
|
Date: Tue, 27 Sep 2016 13:03:48 -0500
|
||
|
Subject: wl_array: Set data to invalid address after free
|
||
|
|
||
|
Explicitly set the data member to an invalid memory address during
|
||
|
wl_array_release, such that re-using a freed wl_array without re-initializing
|
||
|
causes a crash. In addition, this pointer assignment makes wl_array_release
|
||
|
testable.
|
||
|
|
||
|
Define a constant for the invalid memory address, and add documentation about
|
||
|
this behavior, starting at libwayland version 1.13.
|
||
|
|
||
|
See https://lists.freedesktop.org/archives/wayland-devel/2016-September/031116.html
|
||
|
|
||
|
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
|
||
|
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
|
||
|
[Pekka: remove the doc about crashing]
|
||
|
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
|
||
|
|
||
|
diff --git a/src/wayland-private.h b/src/wayland-private.h
|
||
|
index ac712d9..ef58ccf 100644
|
||
|
--- a/src/wayland-private.h
|
||
|
+++ b/src/wayland-private.h
|
||
|
@@ -36,6 +36,9 @@
|
||
|
|
||
|
#include "wayland-util.h"
|
||
|
|
||
|
+/* Invalid memory address */
|
||
|
+#define WL_ARRAY_POISON_PTR (void *) 4
|
||
|
+
|
||
|
#define ARRAY_LENGTH(a) (sizeof (a) / sizeof (a)[0])
|
||
|
|
||
|
#define container_of(ptr, type, member) ({ \
|
||
|
diff --git a/src/wayland-util.c b/src/wayland-util.c
|
||
|
index 639ccf8..077fec7 100644
|
||
|
--- a/src/wayland-util.c
|
||
|
+++ b/src/wayland-util.c
|
||
|
@@ -102,6 +102,7 @@ WL_EXPORT void
|
||
|
wl_array_release(struct wl_array *array)
|
||
|
{
|
||
|
free(array->data);
|
||
|
+ array->data = WL_ARRAY_POISON_PTR;
|
||
|
}
|
||
|
|
||
|
WL_EXPORT void *
|
||
|
--
|
||
|
cgit v0.10.2
|
||
|
|