diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-05-24 23:19:23 -0700 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-08-15 16:52:24 -0700 |
| commit | 2da1bcb656febdab9345f1fec31c974fd7b409bc (patch) | |
| tree | c10d6855aa9a970b9cc414a41fc3a66f5188088c | |
| parent | 787c4c79be18373f58aeaf2fe543f30fe3af2bd1 (diff) | |
Ensure ARRAYofARRAY8 pointers are initialized to NULL
Use calloc for the array of pointers to ensure pointers are cleared out
so we don't try to free garbage if XdmcpDisposeARRAYofARRAY8 is called
before the caller sets them to valid pointers.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| -rw-r--r-- | Array.c | 19 | ||||
| -rw-r--r-- | test/Array.c | 26 |
2 files changed, 44 insertions, 1 deletions
@@ -44,6 +44,15 @@ xmalloc(size_t size) } /* + * This variant of calloc does not return NULL if zero count is passed into. + */ +static void * +xcalloc(size_t n, size_t size) +{ + return calloc(n ? n : 1, size); +} + +/* * This variant of realloc does not return NULL if zero size is passed into */ static void * @@ -110,7 +119,12 @@ XdmcpAllocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length) if (length > UINT8_MAX) array->data = NULL; else - array->data = xmalloc(length * sizeof (ARRAY8)); + /* + * Use calloc to ensure the pointers are cleared out so we + * don't try to free garbage if XdmcpDisposeARRAYofARRAY8() + * is called before the caller sets them to valid pointers. + */ + array->data = xcalloc(length, sizeof (ARRAY8)); if (array->data == NULL) { array->length = 0; @@ -168,6 +182,9 @@ XdmcpReallocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length) newData = (ARRAY8Ptr) xrealloc(array->data, length * sizeof (ARRAY8)); if (!newData) return FALSE; + if (length > array->length) + memset(newData + array->length, 0, + (length - array->length) * sizeof (ARRAY8)); array->length = (CARD8) length; array->data = newData; return TRUE; diff --git a/test/Array.c b/test/Array.c index 0f3430e..b246ba8 100644 --- a/test/Array.c +++ b/test/Array.c @@ -23,6 +23,7 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <assert.h> #include <X11/Xdmcp.h> #include <inttypes.h> @@ -53,10 +54,35 @@ TestAllocOversizeArrays(void) TestAllocOversize(ARRAYofARRAY8, UINT8_MAX + 1); } +static void +TestZeroFillARRAYofARRAY8(void) +{ + ARRAYofARRAY8 aa; + int result; + char *noise; + + printf("Checking XdmcpAllocARRAYofARRAY8 zero fills array...\n"); + /* prefill memory with junk - hopefully next malloc will pick up some */ + noise = malloc(32 * sizeof(ARRAY8)); + memset(noise, 0xdeadbeef, 32 * sizeof(ARRAY8)); + free(noise); + result = XdmcpAllocARRAYofARRAY8(&aa, 32); + assert(result == TRUE); + assert(aa.length == 32); + assert(aa.data[4].data == NULL); + printf("Checking XdmcpReallocARRAYofARRAY8 zero fills array...\n"); + result = XdmcpAllocARRAYofARRAY8(&aa, 48); + assert(result == TRUE); + assert(aa.length == 48); + assert(aa.data[40].data == NULL); + XdmcpDisposeARRAYofARRAY8(&aa); +} + int main(int argc, char **argv) { TestAllocOversizeArrays(); + TestZeroFillARRAYofARRAY8(); exit(0); } |