From 7b435dfa7cfbfa9e3e77361f7b008d5b98b46b45 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Fri, 28 Jun 2024 15:25:30 +0100 Subject: [PATCH] garray: Fix g_ptr_array_insert() with indices > G_MAXINT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While an index greater than `G_MAXINT` can’t be passed to `g_ptr_array_insert()`, `-1` can be — and if that’s done with an array which has more than `G_MAXINT` elements in it, the new element will be inserted part-way through the array rather than being appended. Spotted by building with `-Wsign-conversion`. Signed-off-by: Philip Withnall Helps: #3405 --- glib/garray.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/glib/garray.c b/glib/garray.c index 413ea8539..f67099315 100644 --- a/glib/garray.c +++ b/glib/garray.c @@ -2338,23 +2338,23 @@ g_ptr_array_insert (GPtrArray *array, gpointer data) { GRealPtrArray *rarray = (GRealPtrArray *)array; + guint real_index; g_return_if_fail (rarray); g_return_if_fail (index_ >= -1); - g_return_if_fail (index_ <= (gint)rarray->len); + g_return_if_fail (index_ < 0 || (guint) index_ <= rarray->len); g_ptr_array_maybe_expand (rarray, 1u + rarray->null_terminated); - if (index_ < 0) - index_ = rarray->len; + real_index = (index_ >= 0) ? (guint) index_ : rarray->len; - if ((guint) index_ < rarray->len) - memmove (&(rarray->pdata[index_ + 1]), - &(rarray->pdata[index_]), - (rarray->len - index_) * sizeof (gpointer)); + if (real_index < rarray->len) + memmove (&(rarray->pdata[real_index + 1]), + &(rarray->pdata[real_index]), + (rarray->len - real_index) * sizeof (gpointer)); rarray->len++; - rarray->pdata[index_] = data; + rarray->pdata[real_index] = data; ptr_array_maybe_null_terminate (rarray); }