From: Eric Haszlakiewicz Date: Sun, 9 Jul 2017 02:04:35 +0000 (-0700) Subject: Issue #332: fix a long-standing bug in array_list_put_idx() where it would attempt... X-Git-Tag: json-c-0.13-20171207~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd9b3b2;p=thirdparty%2Fjson-c.git Issue #332: fix a long-standing bug in array_list_put_idx() where it would attempt to free previously free'd entries due to not checking the current array length. Add a test that triggers the problem to ensure it stays fixed. --- diff --git a/arraylist.c b/arraylist.c index e859dfd0..8439cc2d 100644 --- a/arraylist.c +++ b/arraylist.c @@ -96,7 +96,8 @@ array_list_put_idx(struct array_list *arr, size_t idx, void *data) { if (idx > SIZE_T_MAX - 1 ) return -1; if(array_list_expand_internal(arr, idx+1)) return -1; - if(arr->array[idx]) arr->free_fn(arr->array[idx]); + if(idx < arr->length && arr->array[idx]) + arr->free_fn(arr->array[idx]); arr->array[idx] = data; if(arr->length <= idx) arr->length = idx + 1; return 0; diff --git a/tests/test1.c b/tests/test1.c index a53c4ce9..3ddaf720 100644 --- a/tests/test1.c +++ b/tests/test1.c @@ -120,6 +120,19 @@ void test_array_del_idx() (int)(orig_array_len + 1), rc, json_object_to_json_string(my_array)); json_object_put(my_array); + + /* Delete some array indexes, then add more */ + my_array = make_array(); + rc = json_object_array_del_idx(my_array, 0, orig_array_len - 1); + printf("after del_idx(0,%d)=%d, my_array.to_string()=%s\n", + (int)(orig_array_len - 1), rc, json_object_to_json_string(my_array)); + json_object_array_add(my_array, json_object_new_string("s1")); + json_object_array_add(my_array, json_object_new_string("s2")); + json_object_array_add(my_array, json_object_new_string("s3")); + + printf("after adding more entries, my_array.to_string()=%s\n", + json_object_to_json_string(my_array)); + json_object_put(my_array); } int main(int argc, char **argv)