From 5364ae41aaa4718853b41dd0d312555867b990f1 Mon Sep 17 00:00:00 2001
From: Tomasz Blaszczak
Date: Fri, 25 Jun 2021 12:04:49 +0200
Subject: [PATCH] Resize array in remove_from_array() and fix a crash When an item is added to an array, then the array is realloc()ed (to size+1), and the item is copied (strdup()) to the array. Thus, when an item is removed from an array, allocated memory pointed by the item (not the item itself) should be freed, successive items should be left-shifted and the array realloc()ed again (size-1). Additional changes: - Initialize an array in list_all_containers().
Signed-off-by: Tomasz Blaszczak
---
 src/lxc/lxccontainer.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index b1be7e0ed..c533d9dd4 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2262,7 +2262,7 @@ static inline int container_cmp(struct lxc_container **first,
 static bool add_to_array(char ***names, char *cname, int pos)
 {
- char **newnames = realloc(*names, (pos+1) * sizeof(char *));
+ char **newnames = (char**)realloc(*names, (pos+1) * sizeof(char *));
 if (!newnames) {
 ERROR("Out of memory");
 return false;
@@ -2270,10 +2270,8 @@ static bool add_to_array(char ***names, char *cname, int pos)
 *names = newnames;
 newnames[pos] = strdup(cname);
- if (!newnames[pos]) {
- *names = (char**)realloc(*names, (pos) * sizeof(char *));
+ if (!newnames[pos])
 return false;
- }
 /* Sort the array as we will use binary search on it. */
 qsort(newnames, pos + 1, sizeof(char *),
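Review bot: The early `return false` after a failed `strdup()` in the second hunk now leaves `*names` one slot longer than the caller's element count, with `newnames[pos]` set to NULL, and nothing in the function documents that state. It is only safe while callers keep treating `pos` as the count and never sort, search or free over `pos + 1` entries, so a comment above the check would make the contract explicit, e.g. `/* strdup failed: *names keeps the extra slot; newnames[pos] is NULL and must not be counted */`. The function starts above this hunk and its `qsort` call continues past the last line shown.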
@@ -2322,12 +2320,16 @@ static bool remove_from_array(char ***names, char *cname, int size)
 {
 char **result = get_from_array(names, cname, size);
 if (result != NULL) {
- int i;
- for (i = 0; (*names)[i] != *result && i < size; i++) {
- }
+ size_t i = result - *names;
 free(*result);
 memmove(*names+i, *names+i+1, (size-i-1) * sizeof(char*));
- *names = (char**)realloc(*names, (size-1) * sizeof(char *));
+ char **newnames = (char**)realloc(*names, (size-1) * sizeof(char *));
+ if (!newnames) {
+ ERROR("Out of memory");
+ return false;
+ }
+
+ *names = newnames;
 return true;
 }
-- 
2.47.2
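Review bot: When `size` is 1 the new `realloc(*names, (size-1) * sizeof(char *))` is a zero-byte request, which on glibc and several other libcs frees the block and returns NULL. The added `if (!newnames)` branch then logs "Out of memory" and returns false while `*names` still points at freed memory, so any later access or free by the caller is a use-after-free or double free. Handle the last-element case before shrinking, e.g. `if (size == 1) { free(*names); *names = NULL; return true; }`. On a genuine shrink failure the entry has already been freed and the tail shifted, so `return false` leaves the caller unable to tell that only `size-1` entries are live. Keeping the old block and returning true looks safer, but that depends on how callers track the count, which this hunk does not show, and the function's closing lines fall outside the hunk.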