From 8b542aac0c73a75a3fea4628b1514574f08386e7 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 7 May 2020 08:43:14 +0200 Subject: [PATCH] array: fix corrupt state of GPtrArray after g_ptr_array_extend_and_steal() g_ptr_array_extend_and_steal() leaves the GPtrArray in an invalid state, so if you would try to append another pointer, it leads to a crash. Also adjust the test case so that it would result in the crash (without the fix). Fixes: 0675703af08d ('Adding g_ptr_array_extend_and_steal() function to glib/garray.c')
---
 glib/garray.c | 1 + glib/tests/array-test.c | 2 ++ 2 files changed, 3 insertions(+)
diff --git a/glib/garray.c b/glib/garray.c
index be482335a..613c6401c 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -1890,6 +1890,7 @@ g_ptr_array_extend_and_steal (GPtrArray *array_to_extend,
 * to the elements moved from @array to @array_to_extend. */
 pdata = g_steal_pointer (&array->pdata);
 array->len = 0;
+ ((GRealPtrArray *) array)->alloc = 0;
 g_ptr_array_unref (array);
 g_free (pdata);
 }
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index bdd6a2cb9..1da514a3e 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -1298,6 +1298,8 @@ pointer_array_extend_and_steal (void)
 g_assert_cmpuint (ptr_array3->len, ==, 0);
 g_assert_null (ptr_array3->pdata);
+ g_ptr_array_add (ptr_array2, NULL);
+
 g_ptr_array_free (ptr_array, TRUE);
 g_ptr_array_free (ptr_array3, TRUE);
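Review bot: The new `((GRealPtrArray *) array)->alloc = 0;` line in glib/garray.c carries no comment saying why it is needed, and the comment that closes at the top of this hunk only covers the GDestroyNotify reason as far as is visible here. The reset matters when @array survives the unref because another holder still has a reference: with pdata NULL but alloc left non-zero, a later append would presumably skip the reallocation and store through the NULL pointer, which matches the crash the commit message describes. I would add `/* pdata is gone, so alloc must be 0 too, or a later g_ptr_array_add() on a still-referenced @array would write through NULL */` above the line. If g_ptr_array_steal() is available in this tree, calling it would keep the three-field reset in one place; the function body starts and ends outside the hunk, so I cannot tell whether that fits.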
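Review bot: Nothing is asserted after the added `g_ptr_array_add (ptr_array2, NULL);` in glib/tests/array-test.c, so the test relies on a segfault to signal the regression and does not pin the state the array should end up in. Adding `g_assert_cmpuint (ptr_array2->len, ==, 1);` and `g_assert_null (g_ptr_array_index (ptr_array2, 0));` right after the call would make the expected post-state explicit. The call also goes through ptr_array2 while the surrounding assertions and the free use ptr_array3; if both names refer to the same array (set up outside this hunk), a short comment such as `/* the stolen-from array must stay usable */` would say so. The test function starts and continues outside the hunk.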