SHA256
1
0
forked from pool/wayland
wayland/wayland-wl_array_Set_data_to_invalid_address_after_free.patch

51 lines
1.5 KiB
Diff
Raw Normal View History

m e8ad23266f36521215dcd7cfcc524e0ef67d66dd Mon Sep 17 00:00:00 2001
From: Yong Bakos <ybakos@humanoriented.com>
Date: Tue, 27 Sep 2016 13:03:48 -0500
Subject: wl_array: Set data to invalid address after free
Explicitly set the data member to an invalid memory address during
wl_array_release, such that re-using a freed wl_array without re-initializing
causes a crash. In addition, this pointer assignment makes wl_array_release
testable.
Define a constant for the invalid memory address, and add documentation about
this behavior, starting at libwayland version 1.13.
See https://lists.freedesktop.org/archives/wayland-devel/2016-September/031116.html
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
[Pekka: remove the doc about crashing]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
diff --git a/src/wayland-private.h b/src/wayland-private.h
index ac712d9..ef58ccf 100644
--- a/src/wayland-private.h
+++ b/src/wayland-private.h
@@ -36,6 +36,9 @@
#include "wayland-util.h"
+/* Invalid memory address */
+#define WL_ARRAY_POISON_PTR (void *) 4
+
#define ARRAY_LENGTH(a) (sizeof (a) / sizeof (a)[0])
#define container_of(ptr, type, member) ({ \
diff --git a/src/wayland-util.c b/src/wayland-util.c
index 639ccf8..077fec7 100644
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -102,6 +102,7 @@ WL_EXPORT void
wl_array_release(struct wl_array *array)
{
free(array->data);
+ array->data = WL_ARRAY_POISON_PTR;
}
WL_EXPORT void *
--
cgit v0.10.2